blashmetMemberOct 30, 2014 at 12:43 pm #164466
I’m trying to RDP into COMPUTER1(Server2003) with a local admin account, but get the following error:
“To log on to this remote computer, you must be granted the Allow log on through Terminal Services right. By default, members of the Remote Desktop users group have this right….”
I have the following setup:
1) COMPUTER belongs to an OU with a GPO applied. This GPO has BUILTINAdministrators and Domain Admins in the “Allow logon locally” and “Allow logon through terminal services” settings. I checked that this policy has been pushed successfully to COMPUTER.
2) The local admin account on COMPUTER1 has been added to the explicit Remote Desktop properties on the system (Computer Properties–>Remote Tab–Select Users).
I read that BUILTINAdministrators does not include local domain accounts except on domain controllers, so I wanted to explicitly add COMPUTERLocalAdminAccount to the GPO, but you can only add domain accounts. I tried editing the policy locally, but the options are greyed out since they are overridden by the domain policy.
The strange thing is that I have two other systems, COMPUTER2(Server2008 ) and COMPUTER3(Server2008 ), one of which lets me RDP with a local admin account (the other gives the same error as COMPUTER1).
All three systems have the same GPO (in terms of “allow logon locally” and “Allow log on through terminal services”)
Any idea how to RDP into COMPUTER1 with the local admin account?
You must be logged in to reply to this topic.