Announcement

Collapse
No announcement yet.

Remote Desktop with Local Admin Account

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Remote Desktop with Local Admin Account

    I'm trying to RDP into COMPUTER1(Server2003) with a local admin account, but get the following error:

    "To log on to this remote computer, you must be granted the Allow log on through Terminal Services right. By default, members of the Remote Desktop users group have this right...."

    I have the following setup:

    1) COMPUTER belongs to an OU with a GPO applied. This GPO has BUILTIN\Administrators and Domain Admins in the "Allow logon locally" and "Allow logon through terminal services" settings. I checked that this policy has been pushed successfully to COMPUTER.

    2) The local admin account on COMPUTER1 has been added to the explicit Remote Desktop properties on the system (Computer Properties-->Remote Tab--Select Users).


    I read that BUILTIN\Administrators does not include local domain accounts except on domain controllers, so I wanted to explicitly add COMPUTER\LocalAdminAccount to the GPO, but you can only add domain accounts. I tried editing the policy locally, but the options are greyed out since they are overridden by the domain policy.


    The strange thing is that I have two other systems, COMPUTER2(Server2008 ) and COMPUTER3(Server2008 ), one of which lets me RDP with a local admin account (the other gives the same error as COMPUTER1).

    All three systems have the same GPO (in terms of "allow logon locally" and "Allow log on through terminal services")

    Any idea how to RDP into COMPUTER1 with the local admin account?
    Last edited by blashmet; 30th October 2014, 21:38.

  • #2
    Re: Remote Desktop with Local Admin Account

    Why not log on the to computer with the Domain Admin account and add the local user to either the Administrators group or the Remote Desktop Users group?
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com

    Comment


    • #3
      Re: Remote Desktop with Local Admin Account

      Originally posted by JeremyW View Post
      Why not log on the to computer with the Domain Admin account and add the local user to either the Administrators group or the Remote Desktop Users group?
      That's the problem. The "Administrator" user is a member of both the "Administrators" group and "Remote Desktop Users" group. It seems like we should be able to remote in with it.

      The concern is that the GPO might be preventing this because the local account isn't granted explicit remote rights, but we're not sure. I can't add local accounts to the GPO.

      Comment


      • #4
        Re: Remote Desktop with Local Admin Account

        Can you run a GPResult on the computers in question or log on locally?
        Regards,
        Jeremy

        Network Consultant/Engineer
        Baltimore - Washington area and beyond
        www.gma-cpa.com

        Comment

        Working...
        X