To-Sign-in-Remotely,-You-Need-the-Right-to-Sign-in-Through-Remote-Desktop-Service

To Sign in Remotely, You Need the Right to Sign in Through Remote Desktop Service


When connecting to a Windows computer or server over the RDP, you may encounter an error:

To sign in remotely, you need the right to sign in through Remote Desktop Services. By default, members of the Administrators group have this right, or if the right has been removed from the Administrators group, you need to be granted this right manually.

To sign in remotely you need the right to sign in through Remote Desktop Services

How can you remotely connect to the desktop of such a computer (the screenshot with an error taken from Windows 10)?

As you probably know, by default, the permissions to remotely login via Remote Desktop is available to members of the local administrators group. The account under which you connect to the computer must be a member of the local Administrators group. You can check it on the computer using the Local Users and Groups MMC console (lusrmgr.msc).

In the Local Users and Groups console, go to the Groups section, select the Administrators group and check if your account is in this list.

To sign in remotely you need the right to sign in Remote Desktop Services

A common user (non-administrator) can also connect to a computer via RDP if his account is added to the local group Remote Desktop Users (Members in this group are granted the right to logon remotely).

In the same lusrmgr.msc snap-in, check out these group members. If you have administrator privileges on this computer, you can add a user account to this group by clicking the Add button. Enter the name of the user or security group and click OK twice to save the change.

Due to this, the user will have the permission to remotely logon via Remote Desktop, but won’t have local administrator privileges on the computer.

fix To sign in remotely you need the right to sign in Remote Desktop Services

You can also allow users to remotely connect to Remote Desktop Services using the local group policy editor.

  1. Run the gpedit.msc console and go to the section Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment;
  2. Find a policy named Allow log on through Remote Desktop Services Properties;
    Tip
    . If this policy only contains the Administrators group, then your administrator, for some reason, has denied access to the system via RDP for the local Remote Desktop Users group.
  3. Click the Add User and Group button and add users or groups that need to allow RDP login;
  4. Save changes and update computer policies using the command: gpupdate /force

fix To sign in remotely you need the right to sign in Remote Desktop Services error

Tip. Using this policy, you can grant RDP access to domain controllers to technical staff or users without giving them domain admin permissions in the Active Directory domain. This trick will also work if you have installed the Remote Desktop Services role on the AD domain controller (although this is not recommended) and you want to allow ordinary users to connect to it via RDP/RemoteApp.

Also in the same section of the GPO editor, make sure that your account is not specified in the Deny log on through Remote Desktop Services policy. This policy has higher priority.

Deny logon through Remote Desktop Services

If your computer is joined to the AD domain, these settings may be overwritten by domain policies. The current GPO settings can be obtained using the rsop.msc snap-in.

You may also like:

Deploy LGPO with MDT 2013 Local Group Policy (LGPO) of computer is configured through gpedit.msc snap-in, which does not provide the possibility to export/import settings. That...
Using PsExec to Run Commands Remotely The PsExec is an easy Windows utility to replace the telnet tool. It allows you to run programs and processes on remote systems, using all the feature...
How to Migrate User Profiles with User State Migra... One of the most popular tools to migrate user profiles from one Windows computer to another is the set of CLI utilities – User State Migration Tool (U...
Enable Multiple RDP Sessions for Single User on Wi... In all versions of Windows Server (from Windows Server 2000 to the latest Windows Server 2019), multiple remote desktop connections are allowed. Howev...
How to Mount Windows Folder into VMware ESXi In this article we will take a look on how to connect a network folder from Windows 2012 R2 Server as a datastore on the VMware ESXi host and use it t...

Add Your Comment