Windows Server 2012 Standard RDS Access Denied for Domain Users
Solution 1:
Domain Admins always have remote desktop logon rights, but other users need to be granted this privilege explicitly. It sounds like your Domain Users may have been removed from the local permissions group.
Places to Check:
- Ensure that Domain Users are added to the RDS server's "Remote Desktop Users" local security group.
- Open Remote Desktop Session Host Configuration and check the properties for the RDP-Tcp connection. Make sure that nobody modified the security in this location. The security tab should still include "Remote Desktop Users" with 'User Access' and 'Guest Access' allowed.
- Still on the RDP-Tcp Properties dialog, ensure that the security layer setting is "Negotiate" and the encryption level is "Client Compatible" unless you are required to set that higher.
- Check a GPResult for the following:
  - `Allow log on through Remote Desktop Services` should be set to `Administrators, Remote Desktop Users`.
  - `Deny log on through Remote Desktop Services` should be set to `Guests` and ideally `Local account, Guests`.
  - Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Session Host > Connections > *Allow users to connect remotely by using Remote Desktop Services* should be set to either `Not configured` or `Enabled`.
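
The checks listed in this answer, gathered into a read-only PowerShell audit. This is an added example, not part of the original answer. It assumes an elevated prompt on the RDS host; the temp file name is arbitrary, and the SIDs and registry values are the standard Windows ones for these groups and settings.

```powershell
# Added example: read-only audit of the settings listed above. Run elevated on the RDS host.
$expectedAllow = 'S-1-5-32-544', 'S-1-5-32-555'   # Administrators, Remote Desktop Users
$expectedDeny  = 'S-1-5-32-546'                   # Guests (S-1-5-113 = Local account, optional)

# 1. Local group membership (net.exe also works on PowerShell 3.0, the Server 2012 default)
net localgroup "Remote Desktop Users"

# 2. Effective user rights, exported from the local security database
$inf = Join-Path $env:TEMP 'rds-user-rights.inf'
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
$rights = @{}
foreach ($line in Get-Content $inf) {
    if ($line -match '^(Se\w+)\s*=\s*(.*)$') {
        # Entries are comma separated; SIDs carry a leading '*'
        $rights[$Matches[1]] = @($Matches[2].Split(',') |
            ForEach-Object { $_.Trim().TrimStart('*') })
    }
}
Remove-Item $inf

foreach ($check in @(
        @{ Right = 'SeRemoteInteractiveLogonRight';     Expect = $expectedAllow },
        @{ Right = 'SeDenyRemoteInteractiveLogonRight'; Expect = $expectedDeny })) {
    $actual  = if ($rights.ContainsKey($check.Right)) { $rights[$check.Right] } else { @() }
    $missing = @($check.Expect | Where-Object { $actual -notcontains $_ })
    '{0}: {1}' -f $check.Right, ($actual -join ', ')
    if ($missing.Count) { '  missing expected SID(s): ' + ($missing -join ', ') }
}

# 3. "Allow users to connect remotely by using Remote Desktop Services" policy
$pol = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' `
    -ErrorAction SilentlyContinue
if ($null -eq $pol -or $null -eq $pol.fDenyTSConnections) {
    'Allow users to connect remotely: Not configured'
} elseif ($pol.fDenyTSConnections -eq 0) {
    'Allow users to connect remotely: Enabled'
} else {
    'Allow users to connect remotely: Disabled (blocks RDP logons)'
}

# 4. RDP-Tcp listener: security layer and encryption level
$tcp = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
'SecurityLayer      = {0} (1 = Negotiate)' -f $tcp.SecurityLayer
'MinEncryptionLevel = {0} (2 = Client Compatible)' -f $tcp.MinEncryptionLevel
```

Accounts that secedit cannot express as a SID appear by name in the export, so compare the printed list against the expected groups by eye as well as by the "missing" line.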