OK. I've got a situation with RDP access, any insight would be extremely appreciated.
So my goal is to use GPO and Restricted Groups setting to manage local Admins group and also manage who can access the system via RDP. I built a policy, and it essentially adds a few domain groups to local admins, and then a few domain groups to the local Remote Desktop Users group. The policy applies successfully (RSOP shows success, and I can see the group memberships in the local SAM). However, none of the test accounts in the domain groups can RDP to the machine, however test accounts that have Local Admin can RDP to the system.
So, I thought I may have a conflicting GPO somewhere, so I've blocked inheritance at the target OU, and now no GPO are being applied to the system (RSOP shows this). I've manually added a specific test account to the local Remote Desktop Users group, verified that that group has permissions on the RDP-tcp listener (full control), and that Allow logon Locally and via TS is enabled for the local Remote Desktop Users group in Local Policy.
Still, the test account cannot login via RDP. Only local admin accounts. I'm at a loss, am I missing something??
One thing that may throw this off is that this box also is a Citrix Pres server. I've asked the Citrix admins and they've assured me there is no Citrix config that would create this issue.
I've attached the error im seeing. Thanks in advance!!!!
So my goal is to use GPO and Restricted Groups setting to manage local Admins group and also manage who can access the system via RDP. I built a policy, and it essentially adds a few domain groups to local admins, and then a few domain groups to the local Remote Desktop Users group. The policy applies successfully (RSOP shows success, and I can see the group memberships in the local SAM). However, none of the test accounts in the domain groups can RDP to the machine, however test accounts that have Local Admin can RDP to the system.
So, I thought I may have a conflicting GPO somewhere, so I've blocked inheritance at the target OU, and now no GPO are being applied to the system (RSOP shows this). I've manually added a specific test account to the local Remote Desktop Users group, verified that that group has permissions on the RDP-tcp listener (full control), and that Allow logon Locally and via TS is enabled for the local Remote Desktop Users group in Local Policy.
Still, the test account cannot login via RDP. Only local admin accounts. I'm at a loss, am I missing something??
One thing that may throw this off is that this box also is a Citrix Pres server. I've asked the Citrix admins and they've assured me there is no Citrix config that would create this issue.
I've attached the error im seeing. Thanks in advance!!!!
