If you receive the error message “To sign in remotely, you need the right to sign in through Remote Desktop Services” when trying to connect from Windows Remote Desktop (RDP) Client machines on a Windows Server that is running Remote Desktop Services, then this post is intended to help you. In this post, we will provide the appropriate solution you can try to mitigate the issue.
When you encounter this issue, you’ll receive the following full error message:
To sign in remotely, you need the right to sign in through Remote Desktop Services. By default members of the Administrators group have this right. If the group you’re in does not have the right, or if the right has been removed from the Administrators group, you need to be granted the right manually.
To sign in remotely, you need the right to sign in through Remote Desktop Services
If you’re faced with the issue, you can apply the 2-step solution described below on the Remote Desktop Services (RDS) Windows Server to resolve the issue.
- Add Remote Desktop Users to the Remote Desktop Users Group
- Allow the log on through Remote Desktop Services
Let’s take a look at the description of the process involved in the 2-step solution as it concerns each step.
1] Add Remote Desktop Users to the Remote Desktop Users Group
To add Remote Desktop Users to the Remote Desktop Users Group, do the following:
- Open Server Manager.
- From Tools menu, select Active Directory Users and Computers.
If the RD Session Host Server is not installed on the Domain Controller, use the Local Users and Groups snap-in or the Remote tab in the System Properties, to add the Remote Desktop Users.
- Double click at your domain on the left and then select Builtin.
- Open Remote Desktop Users on the right pane.
- At Members tab, click Add.
- Type the AD users that you want to give Remote access to the RDS Server.
- Click OK.
- After selecting the remote desktop users, click OK again to close the window.
Now, you can proceed with Step 2 below to resolve the issue
2] Allow the log on through Remote Desktop Services
To allow the log on through Remote Desktop Services, do the following:
- Press Windows key + R to invoke the Run dialog.
- In the Run dialog box type gpedit.msc and hit Enter to open Group Policy Editor.
- Inside the Local Group Policy Editor, use the left pane to navigate to the path below:
Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment
- At the right pane, double-click on Allow log on through Remote Desktop Services to edit its properties.
- In the properties page that opens, click Add User or Group button.
- Now, type remote and then click Check Names button.
- Select the Remote Desktop Users from the list.
- Click OK all through to exit Group Policy Editor.
Restart the RDS server or just open CMD prompt in admin/elevated mode and type the command below and hit Enter to apply the new group policy settings (without restart).
Once the command executes or the RDS Windows server reboots, you can try to connect from the Windows 10 remote desktop client – the issue should be resolved now.
If after updating the Group Policy settings, the problem is not resolved, apply the following modification at Group Policy Editor:
Navigate to the following path below:
Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment.
Then, open the Deny log on through Remote Desktop Services policy and remove the Users group.
Exit Group Policy Editor and run the gpupdate /force command.