Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Thursday, May 3, 2018 10:16 AM
Hi,
currently, we are having some RDP issues after updating to Windows 10. The problem is that "Domain Users" are not able to use the RDP connection. "Workstation Admin" and "Domain Admins" are able to use RDP.
Error: "The system administrator has restricted the types of logon (network or interactive) that you may use. For assistance, contact your system administrator or technical support."
We only have the issue with the connection from Windows 10 to Windows 10 Clients.
The Windows 7 to Win 10 RDP connection is working fine.
After some investigations, we found out that the policy "Access this computer from the network" is the problem. In this policy, we didn't have added the "domain user" to the list of allowed connections. Only "Domain Admins" and "Workstation Admins" are allowed.
We have added the "domain user" to the policy "allow log on through remote desktop services" but it seems this setting is overruled by "Access this computer from the network".
Domain users are also allowed to connect to the clients. They are added to the local "Remote Desktop Users" group.
Now the questions:
- is this a known issue/bug in Windows 10?
- Why is the Windows 7 connection not influenced by this setting?
- How can we enable RDP for a domain user, but not give them access to other administrative stuff (like share access, remote registry.....)?
Thanks and BR
Mirhad
All replies (4)
Friday, May 11, 2018 8:29 AM âś…Answered
Hi Mirhad,
If so, that's by design.
You have to add the domain user to Access this computer from the network group to in order to make the domain user (non-admin) to connect the RDP.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Friday, May 4, 2018 7:41 AM
Hi Mirhad,
What's configuration of your "Access this computer from the network" policy?
Here is my lab machine by default:
I cannot change its default configuration, just adding domain user group to RDP permission as below:
Afterwards, I can remote desktop connection to this Windows 10 1709 lab computer from my Windows 10 1709 often used machine without any problem.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Tuesday, May 8, 2018 7:55 AM
Hi,
RDP is working if we add in the domain users to the "Access this computer from the network" policy, but then we have the problem that the domain users are able to access other remote admin stuff, like remote share, registry.... and so on.
We want to restrict the users only for RDP use, this was possible in Windows 7 and it works from Windows 7 to Windows 10, but not from Windows 10 to Windows 10.
I have no permissions to add images, so I will write down the settings:
in the "Access this computer from the network" policy we only have added the ".../domain admins" and "... \workstation admin"
in the remote desktop settings, we have selected "allow remote connections to this computer" - "allow connections only from computers running remote desktop with network LA.....)" and have added the ".../domain users" to the list of users which can connect.
Thanks and BR
Mirhad
Wednesday, May 30, 2018 6:26 AM
Hi,
Thank you for the reply.
if this is by design then we have to accept that.
Thanks and BR
Mirhad