Win10 1909 Enterprise - can't log on via RDP with any local accounts?

dbwillis

I upgraded in place a few machines with apps installed and configured by folks no longer with the company (7 SP1 Enterprise to W10 1909 Enterprise).
Everything went fine; uninstalled the W7 versioned apps (Office, Adobe, etc.) and installed the W10 versions (well, not versions, but packaged installs).
Moved machine to the W10 OU, patched with reboots.

I cannot log in via RDP with any local accounts; I'm getting the message "to sign in remotely, you need the right to sign in through remote desktop services....."

The account I'm trying to use was a local account on the W7 install. I deleted it and recreated it, still no go.
- it's in the local admin group (removed/re-added with no change)
- I added it to the RDP users group, no change
- turned off NLA just to try, no luck
- turned off IPv6, no luck

I created another local account, also an admin: no luck, same message. I put a domain user account (standard user, not admin) into the RDP group and was able to log on.
Checked in local sec policy; RDP isn't restricted to other than local admins.
I can Dameware or VNC to the machine and log in with any of the accounts 'directly', so I know the ID/pass is correct. I can RDP in as a user and runas on Notepad as either of the local accounts.

I'm stumped, anyone got ideas?
 

dbwillis

Even though GPO was set to allow RDP connections, there was a higher policy applied that I missed in my initial search.
RDP-culprit.JPG

Denying all local accounts from RDP
 

bigdogchris

Yeah, whenever you have a computer acting funny, open an elevated cmd prompt and type in gpresult /h filename.html then go into system32 and find the file. That lists out all of the policies applying to the computer.
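
An added example, not written by any poster in this thread: a PowerShell check that reads a `secedit` user-rights export and reports whether local accounts are denied RDP logon. It assumes the policy in the screenshot is the "Deny log on through Remote Desktop Services" user right (`SeDenyRemoteInteractiveLogonRight`) applied to the well-known "Local account" SIDs; the function name `Get-RdpLogonRights` and the sample export are constructed for illustration.

```powershell
# Well-known SIDs that match every local account, regardless of group membership.
$LocalAccountSids = @{
    'S-1-5-113' = 'Local account'
    'S-1-5-114' = 'Local account and member of Administrators group'
}

function Get-RdpLogonRights {
    param([Parameter(Mandatory)][string[]]$InfLines)
    # Start with empty lists so a right that is absent from the export is handled.
    $rights = @{
        SeRemoteInteractiveLogonRight     = @()
        SeDenyRemoteInteractiveLogonRight = @()
    }
    foreach ($line in $InfLines) {
        # secedit writes each right as "SeXxxRight = *SID,*SID,name".
        if ($line -match '^\s*(Se(?:Deny)?RemoteInteractiveLogonRight)\s*=\s*(.*)$') {
            $rights[$Matches[1]] = @($Matches[2] -split ',' |
                ForEach-Object { $_.Trim().TrimStart('*') } |
                Where-Object { $_ })
        }
    }
    $deny = @($rights['SeDenyRemoteInteractiveLogonRight'])
    [pscustomobject]@{
        Allow                = @($rights['SeRemoteInteractiveLogonRight'])
        Deny                 = $deny
        # A deny right overrides an allow right, so any hit here blocks local
        # accounts even if they are in Administrators or Remote Desktop Users.
        LocalAccountsBlocked = @($deny |
            Where-Object { $LocalAccountSids.ContainsKey($_) } |
            ForEach-Object { "$_ ($($LocalAccountSids[$_]))" })
    }
}

# Constructed sample export. On a real machine, from an elevated prompt:
#   secedit /export /cfg "$env:TEMP\rights.inf" /areas USER_RIGHTS
#   $lines = Get-Content "$env:TEMP\rights.inf"
$sample = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555
SeDenyRemoteInteractiveLogonRight = *S-1-5-113,Guest
[Version]
signature="$CHICAGO$"
'@ -split "`r?`n"

Get-RdpLogonRights -InfLines $sample | Format-List
```

A non-empty `LocalAccountsBlocked` matches the symptoms in the thread: local accounts are refused even as administrators, while a domain user in the Remote Desktop Users group can still log on.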
 