none
The connection was denied because the user account is not authorized for remote login

    Question

  • Using Terminal Server 2008 not able to get non administrator users to login to the remote desktop. Have tried from Windows server 2008 and from Windows servers 2003. Get error login in "The connection was denied because the user account is not authorized for remote login" from Windows Server 2008. Error "The requested session access is denied" from Windows Server 2000.
    Monday, January 11, 2010 8:02 PM

Answers

  • Hello,

    The most obvious reason is that the user are not member of the "remote desktop users" local group of the terminal servers. The disturbing thing is the message of Windows Server 2000???

    Robert
    • Marked as answer by Wilson Jia Monday, January 18, 2010 3:04 AM
    Monday, January 11, 2010 10:46 PM

All replies

  • Hello,

    The most obvious reason is that the user are not member of the "remote desktop users" local group of the terminal servers. The disturbing thing is the message of Windows Server 2000???

    Robert
    • Marked as answer by Wilson Jia Monday, January 18, 2010 3:04 AM
    Monday, January 11, 2010 10:46 PM
  • I just want to add a possible cause for this, because I have spent a while trying to diagnose this error for server 2008 Terminal Server setup a coworker.

    I went through ensuring they were in the Remote Desktop users group, Group Policies etc without finding a solution.

    In the end I determined that it was caused by the TS Licensing being set to "Configure Later". Setting the licensing mode, and restarting fixed the issue.

    Hopefully this helps someone else with the same issue

     

    Wednesday, June 16, 2010 4:35 AM
  • I had the same problem.  I added the user, the group, tore some hair out but in the end I tried remoting using ComputerName.DomainName

     

    That worked immeditately.

    Windows 7 RD to Windows 2008 R2.

     

    Monday, November 07, 2011 4:51 PM
  • I'm getting the same error. 'your connection was denied because your account is not authorized for remote login' when trying to remote desktop to a local user from the domain controller. All the users are added to the "remote desktop users" group and group policy has been set for the group to, allow log on through Remote Desktop Services (This security setting determines which users or groups have permission to log on as a Remote Desktop Services client.) I keep getting the same error messange even when i try the computer name.


    How else could this be blocked or a user not authorize for remote login.





    Thursday, February 16, 2012 2:26 AM
  • I have struggled with the same problem and I found the solution here:

    http://www.technoogies.com/2011/2008-terminal-server-connection-was-denied-not-authorized-for-remote-login

    The solution was to add "Remote Desktop Users" to the users that are allowed to log on to the terminal server using remote desktop. This setting is done locally on the Terminal Server (or Remote Desktop server as it is called in 2008)

    Hov to find the setting:

    Server Manager > Configure Remote Desktop > Remote Settings > Select Users 

    and then you serarch and add the group "Remote Desktop Users". 

    • Proposed as answer by Life as Bryan Friday, July 06, 2012 4:42 PM
    Monday, February 27, 2012 10:03 AM
  • thank you soooooooooo much
    Saturday, August 04, 2012 12:50 PM
  • Great, resolved it for me thanks!!!
    Thursday, October 18, 2012 1:42 PM
  • Great It Worked!!!!!!
    Thursday, July 11, 2013 12:40 AM
  • I know this is old, But you added them to the local RDP group. Well I don't want to add users to the local RDP group of every server. Is there not a way to add users to a domain RDP group to give them the ability to log into any server/computer in the domain?

    James Richardson IT Manager Family Dental Health

    Monday, July 29, 2013 3:12 PM
  • I know this a bit old thread but I would like to answer James because the question is very reasonable, given that one is administering enterprise with hundreds of servers. So that can be achieved by using the Restricted Group to make the Domain Group enabled for remote login, say "Remote User" members of the local machine group called Remote Desktop Users.

    <computer config/policies/windows settings/security settings/restricted groups - add new

    then do gpupdate /force to populate the change.

    Sunday, February 02, 2014 1:43 PM
  • Thanks Wilfred. You just saved my day!
    Saturday, April 19, 2014 6:12 PM
  • Is that seriously the only way to do this? Doesn't this render the "Allow log on through Terminal Services" GP Setting useless?
    Wednesday, June 04, 2014 1:49 PM
  • Gracias funciono perfecto!!!! :D
    16 hours 4 minutes ago