[Løst] RDC mot klient - user account is not authorized for remote login

[Snipper_nr1]

Hei

 

Har en klient maskin i AD som jeg prøve å logge meg på med Remote Desktop Connection men får feilmeldingen "user account is not authorized for remote login". Brukeren er medlem i gruppa Remote Desktop Users. Legger jeg brukeren til i Domain Admins gruppa så er alt ok, men er ikke ønskelig at brukeren skal ligge i Domain Admins gruppa...

Noen som har løsningen her?!

Endret 3. desember 2011 av Snipper_nr1

[fenele]

1:

 

 

1. Logon as administrator, click Start -> Run, type "rsop.msc" in the text

box, and click OK.

2. Locate the [Computer Configuration\Windows Settings\Security

Settings\Local Policies\User Rights Assignment] item.

3. Check the "Allow log on locally" item to see whether this policy is

defined. If so, the "Source GPO" column displays the policy that defines

this policy. Please ensure "Administrators", "Remote Desktop Users",

"Backup Operators", "Account Operators", "Print Operators", "Server

Operators" are granted this right. If it is different, please configure the

corresponding policy to grant the permission.

4. Check the "Allow log on through Terminal Services" item to see whether

this policy is defined. If so, the "Source GPO" column displays the policy

that defines this policy. Please ensure "Administrators", "Remote Desktop

Users", and any other desired users are granted this right. If it is

different, please configure the corresponding policy to grant the

permission.

5. Check the "Deny log on locally" item to see whether this policy is

defined. If so, the "Source GPO" column displays the policy that defines

this policy. Please ensure that the user or any user groups that remote

user belongs to is not included in this right. If so, please modify the

corresponding policy to remove them.

6. Check the "Deny log on through Terminal Services" item to see whether

this policy is defined. If so, the "Source GPO" column displays the policy

that defines this policy. Please ensure that the user or any user groups

that remote user belongs to is not included in this right. If so, please

modify the corresponding policy to remove them.

7. Click Start -> Run, type "cmd" in the text box, and click OK.

8. Run the following command to refresh policy on both the domain

controller and the terminal server:

 

Gpupdate /force

 

 

2:

 

 

Step 2: Allow logon to Terminal Server

------------------------------------

To grant a user these permissions, start either the Active Directory Users

and Computers snap-in or the Local Users And Groups snap-in, open the

user's properties, click the Terminal Services Profile tab, and then click

to select the Allow logon to Terminal Server check box.

 

 

3:

 

 

Step 3: Check TS permission

----------------------------

1. Open the Terminal Services Configuration snap-in.

2. Right click the Rdp-Tcp item, and click Properties.

3. In the Permissions tab, click "Advanced".

4. By default, administrators group and Remote Desktop Users group have

been granted the permissions. You can also add other users and groups and

grant them the corresponding permissions.

 

After checking the steps above and this issue still persist, please check

security settings on General tab of Terminal Services Configuration

snap-in. In security level, dose it set 'negotiate'? In Encryption level,

dose it set 'Client Compatible'?