We are having a strange issue with RDP on Win10 machines. We are trying to allow a specific domain group access to RDP to certain machines but the users in the group are unable to.

Here is all the information I have so far.

• Domain administrators are the only ones who are able to successfully establish a RDP session.

• Domain policy states (as per RSOP) that DOMAIN\domianAdmins, DOMAIN\specialGroup are the settings for "Allow log on through Remote Desktop Services"

• The group has been added to the "Remote Desktop Users" group.

• Local admins (that are added to the Remote Desktop Users group) are able to connect to the machine but are then met with a message "To sign in remotely, you need the right to sign in through Remote Desktop Services. By default, members of the Administrators group have this right, or if the right has been removed from the Administrators group, you need to be granted this right manually." and are then denied a logon.

• When a user in one of these groups attempts to establish a RDP session, they are met with "The system administrator has restricted the types of logon (network or interactive) that you may use."

Are there any other GPO settings that I may be missing that could be blocking? Are there any registry settings that could be causing the issue?