0

I have just installed Windows Server Essentials 2016 (I am be no means not a Windows expert) and I am trying to let a 'normal' user login onto the server using Remote Desktop.

I know the services and network are OK, because Administrator level users can login without any problem.

I have used the Server Manager to enable "Remote Desktop" and also added both a group and a user to access. Yet, when I try to login, I get the following message:

To sign in remotely, you need the right to sign in through Remote Desktop Services. [....] You need to grant this right manually.

I think I did that through the Server Manager, but apparently not. Where can I grant that right?

Bart Friederichs
  • 353
  • 1
  • 6
  • 23
  • Is this a domain controller? Are there customized group policies being applied to the server? – spacenomyous Nov 10 '17 at 16:31
  • @spacenomyous yes it is a domain controller (there seems to be no other way to run WS Essentials 2016). I haven't applied any group policies, it is a fresh install. – Bart Friederichs Nov 13 '17 at 13:17

5 Answers5

1

You need to add the new group to the "Allow log on through Remote Desktop Services" user right under:

Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\

on your Domain Controllers GPO. By default you should have the Default Domain Controllers Policy. I suggest adding a new GPO and linking it highest with the new change.

Edit: Re-wrote answer based on community feedback

spacenomyous
  • 1,319
  • 7
  • 15
  • 1
    I suggest not suggesting adding users to the local administrators group, on the principle of least privilege. It's not 100% clear but I interpreted the asker as saying they have already added a group and the user in question to the Remote Desktop Users group. – Todd Wilcox Nov 10 '17 at 16:20
1

Add the user to the local “Remote Desktop Users” group on the server.

Appleoddity
  • 3,488
  • 2
  • 13
  • 33
  • When I use the Windows Server Essentials Dashboard, that group does not exist. Only groups I have made myself are available there. When using the Control Panel, I can see the user already is a member of the Remote Desktop Users group. – Bart Friederichs Nov 13 '17 at 13:16
1

Did you try adding the user in "Allow remote access to your computer"? Search it in control panel, then open "Select Users" and add the user to it.

JimNim
  • 2,776
  • 13
  • 24
wsh25
  • 11
  • 1
0

In the firewall you must actively allow RDP access to the machine. I had to do this in order to get a connection. Even when I added before dedicated users.

Florian Storck
  • 131
  • 4
0

Because Windows Server Essentials is a Domain Controller, by default doesn't allow users via RDP, even if you whitelisted them. For example, regular users can't even do a local login. An easy workaround is adding users as members of the "Print operators" group.

Magnetic_dud
  • 1,036
  • 2
  • 15
  • 29