Remote Desktop Users cannot log in to workstation with remote desktop


  • I added my old desktop running Windows 7 Professional 64-bit to my server's domain to see whether I wanted to convert my network to a domain. I have run into an issue with remote desktop. A domain administrator account can log in just fine, but trying to log in with an account in the domain (not local) Remote Desktop Users group results in being denied saying the user is not authorized for remote access. The account can log in to the server just fine. The account is not a Domain Admin or any other sort of Admin. I tried to add Remote Desktop Users to the locally allowed remote users, but I can't see or add any domain/builtin accounts. domain/users accounts show up just fine. I tried modifying the default domain policy to explicity add domain/builtin/Remote Desktop Users, and after a restart I still can't log in with the user in question. I cannot add the domain/builtin/Remote Desktop Users group to the local group policy. I can add the LOCAL Remote Desktop Users group to the allowed logon groups, but not the domain equivalent. This user account has never logged in to this workstation before. The server is running Server 2008 R2.

    Has anyone had a similar issue or have any ideas how to solve it? It doesn't seem like it should be this difficult...

    Thursday, April 5, 2012 5:40 PM


  • Hi,

    Thanks for your posting.

    I cannot add the domain/builtin/Remote Desktop Users group to the local group policy.

    Remote Desktop Users group is a build-in group, it only available for local computer. So you can’t add a domain controller Remote Desktop Users group to a local computer.

    Group Policy “Allow users to connect remotely using Terminal Services”, if you enable the policy, you enabled remote desktop feature on the target computer, but not grant user permission to remote to target computer.

    So add you specified user accounts to a security group, and then manually add the group to Remote Desktop Users group on target computer. Or use Group Policy Preference Local Users and Groups feature to add the security group to target computers.

    For more information please refer to following MS articles:

    Add users to the Remote Desktop Users group Allow users to connect remotely using Terminal Services Group Policy Preference: Configure a Local Group Item


    TechNet Community Support

    Monday, April 9, 2012 6:05 AM

All replies