The connection was denied because the user account is not authorized

Solution 1:

Instead of editing the User Rights Assignment on your workstations, consider using a Group Policy Preference (GPP) setting to modify the membership of the Remote Desktop Users group. By default, anyone that is a member of this group will be granted permission to establish a RDC connection to the machine.

Edit the membership of the Remote Desktop Users group with a Group Policy Preference (GPP) setting as follows:

  1. Create a new Security Group such as My Remote Desktop Users. Members of this group will be granted permission to make Remote Desktop connections.
  2. Edit a Group Policy Object and navigate to Computer Configuration/Preferences/Control Panel Settings
  3. Right-click Local Users and Groups and choose New > Local Group enter image description here

  4. Set Action: to Update

  5. In the Group name: drop-down choose Remote Desktop Users (built-in)
  6. Click Add...
  7. In the Local Group Member dialog box click the ... box and find your group (don't type it in manually)
  8. Confirm Action: is set to Add to this group enter image description here
  9. Click OK two times then close the Group Policy editor.
  10. Apply the Group Policy object to computers to which you want users to be able to access.

The advantage of this method is that you can easily grant/revoke Remote Desktop permissions by modifying a user's membership in the My Remote Desktop Users group, instead of having to edit Group Policy to set a new User Rights Assignment policy then wait for it to propagate to your workstations.

Further, edits to the User Rights Assignment policy are not cumulative. In other words, if you have two Group Policies that modify that policy, only one will have an effect. On the other hand, multiple GPPs can be specified to modify the membership of the Remote Desktop Users group.

Solution 2:

None of these solutions seemed to work for us.

What we ended up doing is opening control panel > opening user accounts > Manage User Accounts > Click the add button if your user is not there.

We did this on the device we were trying to remote to and added the devices user. Worked like a charm.

Solution 3:

Oles,

This method works well to deploy user permissions to a local / client machine from a Windows Server. This is especially powerful if you are trying to control the users and / or computers that can have RDP rights across a large organization. You just need to set up an appropriate Organization Unit structure in your Active Directory, and then apply this GPO as desired. The way you have suggested works, but it's difficult to manage many computers and many users this way, particularly if you are not on-site to do so.

Also note, when you are using the Windows Remote Desktop connection to be sure to use the proper login credentials. At first, I was not including the domain name in the username field, which was causing the RDP connection to be rejected with the "The connection was denied because the user account is not authorized" that started this conversation.

When using RDP to connect to a DOMAIN computer...

Username: DOMAINNAME\USERNAME

Password: **********

After I started using the domain name, this method works perfectly on Windows Server 2019 / Windows 10 clients.