1

I have Windows Server 2012R2 virtual servers connected to an Active Directory domain. The servers accept both domain user/pass and domain Smart Card logins. All administrative accounts/users can log in and get to the desktop without issues. However, when a non-administrative AD user attempts to log into the server, it goes through the whole login/profile/etc. process as usual but just as the desktop is about to come up the servers immediately say "Logging off ..." and the session ends.

I have added the AD user(s) to the server's "Remote Desktop Users" group and I have updated and added the user(s)/group to the LGPO "Allow log on through Remote Desktop Services" policy. I have tried numerous suggestions from here and from the web and so far nothing works. If I add the user(s) to the Administrators group they can log in and get to the desktop, and when I remove them from the group they can't.

This is a standard server and is not a connection broker, session host, or domain controller.

Is there something else that I am missing that would prevent non-admin users from getting to their desktop?

n0nuf
  • 9
  • 2
  • Look in the event logs for clues. – joeqwerty Jun 03 '21 at 16:51
  • Also, if this server is not an RDSH server then why are end users logging onto it? – joeqwerty Jun 03 '21 at 16:53
  • Probably a group policy with a logon script to logoff users if they are not admins. – Swisstone Jun 03 '21 at 18:38
  • Event logs are clean. It's complicated... let's just say that this small group of regular users need to log in to a server in another domain to refresh their account in that domain b/c the GPO / trust on their local domain machines prevents them from using this account in the local domain. – n0nuf Jun 03 '21 at 18:39

0 Answers0