2

Existing User in our domain can use RDC to take control over a Windows 7 workstation. When I create a user in Active Directory, an add them to Remote Desktop User, they cannot use RDC :

The connection was denied because the user account is not authorized for remote login.

I tried everything in vain, so I'm wondering if there is a limit to the number of users that can use the remote desktop control.

Again, existing user that are member of 'remote desktop users' group can use it perfectly.

Any suggestion ?

Brent Pabst
  • 6,059
  • 2
  • 23
  • 36
zrz
  • 243
  • 1
  • 5
  • 10
  • @MDMarra is correct about the number of concurrent RDP sessions. If legally you want more then those 1 or 2 you will need to replace the OS on the Windows 7 workstation with terminal server. There are ways around this but I do not recommend those for anything but testing and training. Certainly not for important corporate assets. – Hennes Jun 05 '12 at 12:10

1 Answers1

6

That error is because you haven't added that user to the local Remote Desktop Users group on that machine. Check group membership again. Double check. Triple check.

To answer your other question, you can have two concurrent RDP sessions for server management on a server OS. On a client OS, I believe that limit is one.

MDMarra
  • 100,183
  • 32
  • 195
  • 326
  • To add to this answer, we typically add a GPO definition to automatically add certain users to the local group policy, typically for admins, but this also works for some of our desktops too. – Brent Pabst Jun 05 '12 at 12:03
  • You were right, the target machine has to be set up to allow access to specific users, but does it means that RDC authorization has to be managed from each target computer ? Is there any centralized solution with Active Directory ? Maybe executing a script on start with "net localgroup "group" user /ADD" would be a 'good' solution ? – zrz Jun 05 '12 at 12:34
  • Yep, like I said there is a GPO for this! Here's the instructions to add the user/group: http://ct-miramar.com/blog/2010/10/13/add-user-to-remote-desktop-group-using-group-policy/. and the full list of GPO options for RD: http://technet.microsoft.com/en-us/library/ee791756(v=WS.10).aspx – Brent Pabst Jun 05 '12 at 14:16