I have an issue where I was modifying some settings in the Default Domain Policy (I know I shouldn't have) and I've managed somehow to set the 'Allow log on through Terminal Services' to a null value (I think I forgot to uncheck it after I removed the groups I deleted). So now I can't login using RDP. I can still access the Domain Controller through ssh so is there a way to remove this setting through powershell or dos?
I ran dcgpofix as I thought that would fix it then ran Get-GPOReport -Name "Default Domain Policy" -ReportType HTML -Path "C:\DefDomPol.html" in powershell modify or but that is still showing the 'Allow log on through Terminal Services' with a setting of null under 'Local Policies/User Rights Assignment'
Asked
Active
Viewed 149 times
0
Sparky26
- 11
- 2
-
Do you not have console access to the Domain Controller? – joeqwerty May 17 '22 at 01:06
-
Can you edit the registry and change the value for the machine to override? I’m pretty sure you can edit registry with powershell. Or connect with RegEdit from another machine. It’s late and I’m not getting out of bed to show you how to do it, but that’s what I would try. – apocalysque May 17 '22 at 07:26
-
I don't have console access as I'm getting the message "To sign in remotely, you need the right to sign in through Remote Desktop Services. By default, members of the Administrators group have this right, or if the right has been removed from the Administrators group, you need to be granted this right manually.". I ran the dcpofix again and I can see now that the Default Domain Policy is back that to 'out-of-the-box' values but I still can't login. I also ran GPResult and I can see that ''Allow log on through Terminal Services' is now gone but I don't understand why I can't login. – Sparky26 May 17 '22 at 09:40