none
The connection was denied because the user account is not authorized for remote login

    Question

  • Using Terminal Server 2008 not able to get non administrator users to login to the remote desktop. Have tried from Windows server 2008 and from Windows servers 2003. Get error login in "The connection was denied because the user account is not authorized for remote login" from Windows Server 2008. Error "The requested session access is denied" from Windows Server 2000.
    Monday, January 11, 2010 8:02 PM

Answers

  • Hello,

    The most obvious reason is that the user are not member of the "remote desktop users" local group of the terminal servers. The disturbing thing is the message of Windows Server 2000???

    Robert
    • Marked as answer by Wilson Jia Monday, January 18, 2010 3:04 AM
    Monday, January 11, 2010 10:46 PM

All replies

  • Hello,

    The most obvious reason is that the user are not member of the "remote desktop users" local group of the terminal servers. The disturbing thing is the message of Windows Server 2000???

    Robert
    • Marked as answer by Wilson Jia Monday, January 18, 2010 3:04 AM
    Monday, January 11, 2010 10:46 PM
  • I just want to add a possible cause for this, because I have spent a while trying to diagnose this error for server 2008 Terminal Server setup a coworker.

    I went through ensuring they were in the Remote Desktop users group, Group Policies etc without finding a solution.

    In the end I determined that it was caused by the TS Licensing being set to "Configure Later". Setting the licensing mode, and restarting fixed the issue.

    Hopefully this helps someone else with the same issue

     

    Wednesday, June 16, 2010 4:35 AM
  • I had the same problem.  I added the user, the group, tore some hair out but in the end I tried remoting using ComputerName.DomainName

     

    That worked immeditately.

    Windows 7 RD to Windows 2008 R2.

     

    Monday, November 07, 2011 4:51 PM
  • I'm getting the same error. 'your connection was denied because your account is not authorized for remote login' when trying to remote desktop to a local user from the domain controller. All the users are added to the "remote desktop users" group and group policy has been set for the group to, allow log on through Remote Desktop Services (This security setting determines which users or groups have permission to log on as a Remote Desktop Services client.) I keep getting the same error messange even when i try the computer name.


    How else could this be blocked or a user not authorize for remote login.





    Thursday, February 16, 2012 2:26 AM
  • I have struggled with the same problem and I found the solution here:

    http://www.technoogies.com/2011/2008-terminal-server-connection-was-denied-not-authorized-for-remote-login

    The solution was to add "Remote Desktop Users" to the users that are allowed to log on to the terminal server using remote desktop. This setting is done locally on the Terminal Server (or Remote Desktop server as it is called in 2008)

    Hov to find the setting:

    Server Manager > Configure Remote Desktop > Remote Settings > Select Users 

    and then you serarch and add the group "Remote Desktop Users". 

    • Proposed as answer by Life as Bryan Friday, July 06, 2012 4:42 PM
    Monday, February 27, 2012 10:03 AM
  • thank you soooooooooo much
    Saturday, August 04, 2012 12:50 PM
  • Great, resolved it for me thanks!!!
    Thursday, October 18, 2012 1:42 PM
  • Great It Worked!!!!!!
    Thursday, July 11, 2013 12:40 AM
  • I know this is old, But you added them to the local RDP group. Well I don't want to add users to the local RDP group of every server. Is there not a way to add users to a domain RDP group to give them the ability to log into any server/computer in the domain?

    James Richardson IT Manager Family Dental Health

    Monday, July 29, 2013 3:12 PM
  • I know this a bit old thread but I would like to answer James because the question is very reasonable, given that one is administering enterprise with hundreds of servers. So that can be achieved by using the Restricted Group to make the Domain Group enabled for remote login, say "Remote User" members of the local machine group called Remote Desktop Users.

    <computer config/policies/windows settings/security settings/restricted groups - add new

    then do gpupdate /force to populate the change.

    Sunday, February 02, 2014 1:43 PM
  • Thanks Wilfred. You just saved my day!
    Saturday, April 19, 2014 6:12 PM
  • Is that seriously the only way to do this? Doesn't this render the "Allow log on through Terminal Services" GP Setting useless?
    Wednesday, June 04, 2014 1:49 PM
  • Gracias funciono perfecto!!!! :D
    Thursday, July 24, 2014 4:05 PM
  • My Goodness, why didn't I think of that, thanks for the refresher!!  #bangsheadonwall
    Friday, September 12, 2014 11:48 AM
  • Is that seriously the only way to do this? Doesn't this render the "Allow log on through Terminal Services" GP Setting useless?

    I would like to know this answer, as well.  I have created a new AD group for my assistant admins called "Domain Admins (limited)".  I have added this group to the GP setting "Allow log on through Terminal Services", but the assistant admins cannot log in through RDP.  It 'feels like' this is all I would need to do.

    Craig

    Monday, October 20, 2014 4:01 PM
  • Is that seriously the only way to do this? Doesn't this render the "Allow log on through Terminal Services" GP Setting useless?


    I would like to know this answer, as well.  I have created a new AD group for my assistant admins called "Domain Admins (limited)".  I have added this group to the GP setting "Allow log on through Terminal Services", but the assistant admins cannot log in through RDP.  It 'feels like' this is all I would need to do.

    Craig

    Found some good info here. There are really two things required for a user to connect to a server via RDP. You can configure one of them via Group Policy but not the other.

    1) Allow log on through Terminal Services can be configured through Group Policy, no problem.

    2) Permissions on the RDP-listener must also be granted.  If your user is a member of the local Administrators group or the local Remote Desktop Users group then this is handled.  If you are trying to utilize a new, custom group (as I am), then there isn't a way to do this via group policy (that I have found).

    EDIT: Found the answer.  I am creating a blog post to outline the steps.  They aren't hard, but they're not self-explanatory.  It deals with the Restricted Groups mentioned above, but it's still automate-able using Group Policy so that you don't have to touch each computer.  I think the above poster (Andrey Ganev) got it right, but I had trouble deciphering his instructions.

    Here is my blog post that walks through this entire process, step-by-step.


    • Edited by Craig_RGC Tuesday, October 21, 2014 12:58 PM
    Monday, October 20, 2014 4:31 PM
  • 1. Make user member of  Remote desktop Users in the AD.

    2. Log into the PC as admin and add the user in the Remote Setting in System Properties.

    3. Log off administrator and log back on as the user.

    Thursday, April 09, 2015 11:57 AM