none
Remote Desktop Login to Domain Controllers not working anymore

    Question

  • After creating a GPO which denied interactive logins for a single security group and linking it to the domain level no one was able to login locally or remotely anymore to any Computer; so i deleted it and ran gpupdate /force on every computer.

    Local and remote Login was possible again everywhere except on domain controllers, where remote login isn't possible now anymore. The reason stated is that the right is missing for Domain Admins to login remotely.
    There is no GPO which restricts RDP Logins for anyone to DCs, so i created a allow rule for every kind of Admin we have; but its still not working.

    Wednesday, February 11, 2015 11:07 AM

Answers

  • Hi Hendrik,

    >>The reason stated is that the right is missing for Domain Admins to login remotely.

    By default, domain admins have right to logon remotely. Moreover, by default, group policy setting Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Right Assignment\Allow log on through Remote Desktop Services is not defined. However, once we enable this setting, we need to explicitly add Domain Administrators group in the setting. Otherwise, domain admin will be blocked from logon remotely.

    >>There is no GPO which restricts RDP Logins for anyone to DCs, so i created a allow rule for every kind of Admin we have; but its still not working

    Here, on domain controllers, please run command gpresult/h gpreport.html to collect group policy result report to check if the above setting is enabled. If you can't see computer part settings in the report, run the command with elevated privileges. If necessary, you may upload the report to OneDrive for us to help you check this.

    Best regards,
    Frank Shen


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Friday, February 13, 2015 2:35 AM
    Moderator