I was working on a project where I faced an issue related to Remote Desktop Services. I could not log in to the domain controller located at a remote site. The domain controller refused to allow me in. The error message was “To sign in remotely, you need the right to sign in through Remote Desktop Services. By default, members of the Administrators group have this right “Allow logon through Remote Desktop Services”. If the group you are in doesn’t have this right, or if the right has been removed from the Administrators group, you need to be granted this right manually.” It seems that in my case there was an AD replication issue in the setup. The procedure below allowed me to log in to the domain controller.
We all know that only members of the Domain Admins group have remote RDP access to the domain controllers. In such a situation, one might think of adding the user to the Administrators group. However, domain users are usually not given permission to log in to a domain controller. Therefore, if you come across the above error message, this post will help you.
Allow logon through Remote Desktop Services
In most cases, system admins prefer to configure Allow log on through Remote Desktop Services using local policy. This is done using Start > Administrative Tools > Local Security Policy > Local Policies > User Rights Assignment. Edit the policy setting “Allow log on through Remote Desktop Services” and add the user group to allow RDP access.
Allow log on through Remote Desktop Services – This security setting determines which users or groups have permission to log on as a Remote Desktop Services client.
You can also achieve this by creating a new GPO and applying it to the required organizational unit. I prefer using a group policy to editing local policy on domain controllers.
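After changing the setting by either route, it is worth confirming which accounts actually hold the right on the domain controller. The following is an added example, not part of the original post: it parses the user-rights export that `secedit` produces and lists the holders of the allow right (`SeRemoteInteractiveLogonRight`) and its deny counterpart. The sample lines are constructed and the group `EXAMPLE\DC-RDP-Operators` is hypothetical.

```powershell
function Get-RdpLogonRight {
    param([string[]]$InfLines)   # lines of a "secedit /export" INF file

    $rights = 'SeRemoteInteractiveLogonRight', 'SeDenyRemoteInteractiveLogonRight'
    foreach ($line in $InfLines) {
        # Lines look like: SeRemoteInteractiveLogonRight = *S-1-5-32-544,DOMAIN\Group
        if ($line -match '^\s*(\w+)\s*=\s*(.*)$') {
            $name  = $Matches[1]
            $value = $Matches[2]
            if ($rights -notcontains $name) { continue }
            $entries = $value -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
            foreach ($entry in $entries) {
                $account = $entry
                if ($entry.StartsWith('*')) {
                    # Entries prefixed with * are SIDs; resolve to a name when possible
                    $sid = $entry.Substring(1)
                    try {
                        $obj = New-Object System.Security.Principal.SecurityIdentifier($sid)
                        $account = $obj.Translate([System.Security.Principal.NTAccount]).Value
                    } catch {
                        $account = "$sid (unresolved)"
                    }
                }
                [pscustomobject]@{ Right = $name; Account = $account }
            }
        }
    }
}

# Constructed sample in the format secedit writes under [Privilege Rights]
$sample = @(
    '[Privilege Rights]'
    'SeRemoteInteractiveLogonRight = *S-1-5-32-544,EXAMPLE\DC-RDP-Operators'
    'SeDenyRemoteInteractiveLogonRight = *S-1-5-32-546'
)
Get-RdpLogonRight -InfLines $sample | Format-Table -AutoSize

# Live check (run from an elevated prompt on the domain controller)
$inf = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
if (Test-Path $inf) {
    Get-RdpLogonRight -InfLines (Get-Content $inf) | Format-Table -AutoSize
    Remove-Item $inf
}
```

An account listed under the deny right is refused even if it also appears under the allow right, so check both rows when a newly added group still cannot log in.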