Allow log on through Remote Desktop Services greyed out

How to enable Add User/Group button (greyed) in allow log on through Remote Desktop Services in GPEDIT.MSC

Archived Forums

>

Remote Desktop Services (Terminal Services)

  • Question

  • Allow log on through Remote Desktop Services greyed out

    Allow log on through Remote Desktop Services greyed out

    1

    Sign in to vote

    We have enabled RDP on one of our server and want to access the same bymultiple users, but when trying to login RDP it is showing error "To sign in remotely, you need the right to sign in through remote desktop services. ..(long msg) ... "

    By default all my domain users are allowed access to remotedesktop services in systems. As I gone through different discussion forum I have to enable the user/group in Group Policy also but while i m trying to enable the same the option shows greyed (not able to add user/group). Tried below step -

    1. open gpedit.msc (the local group policy editor)
    2. Expand Local Computer Policy –> Computer Configuration –> Windows Settings –> Security Settings –> Local Policies –> User Rights Management
    3. Look for the setting on the right calledAllow log on through Remote Desktop Services
    4. Double click this policy
    5. Add the user/group you would like to have remote access to the box. (This box is greyed / disabled).

    It is showing one user in this list and I am able to login using that particular user and not with even domain admin or local admin user.

    Please help me to resolve this problem as I tried searching solution on internet but none is working.

    Thanks in advance.

    Saturday, January 31, 2015 11:10 AM

Answers

  • Allow log on through Remote Desktop Services greyed out

    Allow log on through Remote Desktop Services greyed out

    0

    Sign in to vote

    Hi,

    A Domain Controller (DC)and domain group policy object (GPO) are two separate things.

    The ability to add/delete user/group from the Deny group policy setting is not really relevant because that is a differentsetting.

    If a specific group policy settingisconfigured via a domain group policy object, you are blocked from editing it in the local group policy. The reason I asked you to examine the output of gpresult was to look through and determine exactly which GPO has configured the specific setting you are attempting to modify. Once you know the domain GPO that has it configured you may edit the GPO using the Group Policy Management Console (gpmc.msc) on a server that has it gpmc.msc installed.

    After modifying the correct group policy object you need to run gpupdate /force on the RDSH server so that the policy change will take effect.

    -TP

    • Marked as answer by PI Soni Wednesday, February 4, 2015 8:22 AM

    Monday, February 2, 2015 4:21 AM

All replies

  • Allow log on through Remote Desktop Services greyed out

    Allow log on through Remote Desktop Services greyed out

    1

    Sign in to vote

    Hi Praful,

    Can you add the users into local "remote desktop users" group?

    Thanks,

    Umesh.S.K

    Saturday, January 31, 2015 11:41 AM

  • Allow log on through Remote Desktop Services greyed out

    Allow log on through Remote Desktop Services greyed out

    0

    Sign in to vote

    Hi Umesh,

    All domain users are already added to "Remote Desktop Users" group. I also tried adding local user and added it to "RD Users" group but giving same error.

    Saturday, January 31, 2015 12:01 PM

  • Allow log on through Remote Desktop Services greyed out

    Allow log on through Remote Desktop Services greyed out

    0

    Sign in to vote

    Did you open gpedit.msc chosing run as administrator? Do you see anything in event log related to this issue?

    Saturday, January 31, 2015 12:12 PM

  • Allow log on through Remote Desktop Services greyed out

    Allow log on through Remote Desktop Services greyed out

    0

    Sign in to vote

    I logged in as domain admin as well as local admin, result is same.

    I don't see any log related to this as particular option is disable not having any error.

    Saturday, January 31, 2015 12:25 PM

  • Allow log on through Remote Desktop Services greyed out

    Allow log on through Remote Desktop Services greyed out

    0

    Sign in to vote

    Hi,

    From your description it appears the setting is being configured from a domain group policy object. Because of this you need to edit the correct domain GPO instead of the server's local policy. If you are unsure which GPO it is you could log on to the server's console as domain admin, open an admin commandprompt, and type the following commands:

    gpresult /z>gpresult.txt notepad gpresult.txt

    Examine the file in Notepad in order to see which GPO is applying the setting.

    -TP

    Saturday, January 31, 2015 1:16 PM

  • Allow log on through Remote Desktop Services greyed out

    Allow log on through Remote Desktop Services greyed out

    0

    Sign in to vote

    Hi,

    In my scenario, DC and RDP server is different. And first of all I tried changing Allow RDP session privilege on DC GPO and as I could not make changes I tried making changes on RDP (local Server) but result is same.

    As per your instruction I checked GPRESULT status also and I am accessing correct GPO.

    And just for your information, with same user credential I can add/delete user / group in "deny RDP" in User Rights Management option.

    I am sorry for not able to insert the screen shot as my account is yet not verified.

    Monday, February 2, 2015 4:10 AM

  • Allow log on through Remote Desktop Services greyed out

    Allow log on through Remote Desktop Services greyed out

    0

    Sign in to vote

    Hi,

    A Domain Controller (DC)and domain group policy object (GPO) are two separate things.

    The ability to add/delete user/group from the Deny group policy setting is not really relevant because that is a differentsetting.

    If a specific group policy settingisconfigured via a domain group policy object, you are blocked from editing it in the local group policy. The reason I asked you to examine the output of gpresult was to look through and determine exactly which GPO has configured the specific setting you are attempting to modify. Once you know the domain GPO that has it configured you may edit the GPO using the Group Policy Management Console (gpmc.msc) on a server that has it gpmc.msc installed.

    After modifying the correct group policy object you need to run gpupdate /force on the RDSH server so that the policy change will take effect.

    -TP

    • Marked as answer by PI Soni Wednesday, February 4, 2015 8:22 AM

    Monday, February 2, 2015 4:21 AM

Why Is Remote Desktop Not Working?

Usually, setting up RDP on Windows 10 is pretty straightforward. Depending on whether the connection is through a local network or through the Internet, you only need to enable a few settings and you’re home and hosed.

Just to refresh your memory, here are the quick methods to initiate an RDP on a local network, and over the web.

RDP over local network:

  • Launch the Control Panel and click System and Security.
  • Select System on the System and Security screen.
  • Click “Advanced system settings” on the left pane.
  • Switch to the Remote tab in the System Properties dialog.
  • Under Remote Desktop, tick “Allow remote connections to this computer”.
  • Select the “Allow connections only from computers running Remote Desktop with Network Level Authentication” checkbox to connect remotely through a local network.
  • Click the OK, Apply, and OK buttons successively to save your modifications.

RDP over Internet connection:

  • Launch the Remote Desktop app on Windows 10. Get it from the Microsoft Store if it isn’t already installed.
  • Click the Add (+) button and select Desktop.
  • Under the PC Name section, enter the TCP/IP address of the client computer or its local IP address if it is within a private network.
  • Click the + button next to User Account and enter the username and password for the client PC.
  • If you wish, click the + button next to “Display name” and specify the various settings.
  • Click Save to add the remote computer.
  • When you want to connect to the client PC remotely, select it from the Saved Desktops section and click Connect.

Of course, the “Allow remote connections to this computer” option in System Properties must be enabled for remote connection to work over the Internet or a local network.

However, there has been lots of complaint lately that the option to enable RDP on the computer is both greyed out and disabled. This means that users are unable to enable the option and start Remote Desktop. If you are one of the affected users, you can use the steps below to fix the Remote Desktop option greyed out issue on Windows 10.

Why is my remote desktop grayed out?

“Allow users to remotely connect to this computer” Remote Desktop option is grayed out. Specifies whether to allow users to connect remotely using Terminal Services. If the status is set to Disabled, the target computers maintain current connections, but will not accept any new incoming connections.

How do I remotely enable and disable remote desktop?

Load up regedit and go to File > Connect Network Registry. Enter the name of your remote computer and connect to it. Navigate to HKEY_LOCAL_MACHINE > System > CurrentControlSet > Control > Terminal Server. Change the value of “fDenyTSConnections” to “0”.