We are not able to login with local admin account for our servers through RDP. Whereas from VMconsole we are able to login
Tried to move the server to workgroup then it works through RDP.
This is due to GPO setting that is being applied but not sure which setting is causing this issue.
Allow log on locally and allow logon through remote desktop services are being enabled through GPO and administrators group is part of it.
Any thoughts or directions would be helpful for me
Unable to take RDP through local admin account
- 424 Views
- Last Post 2 weeks ago
Check the setting “Deny access to this computer from the network” at “Computer Configuration | Policies | Windows Settings | Security Settings | Local Policies | User Rights Assignment”. If
you have either “NT AUTHORITY\Local account and member of Administrators group”, or simply “NT AUTHORITY\Local account”, then you have a GP that is applying some mitigation measures to prevent lateral movement by local accounts. Although you are allowing
admins to connect as you mentioned below, this Deny rule supersedes the Allow rule.
Note that “Deny access to this computer from the network” applies since with modern versions of Windows with Network Level Authentication (NLA), it also needs this right to be able to RDP to