Remote Desktop select users greyed out
Why Is Remote Desktop Not Working? Show
Usually, setting up RDP on Windows 10 is pretty straightforward. Depending on whether the connection is through a local network or through the Internet, you only need to enable a few settings and you’re home and hosed. Just to refresh your memory, here are the quick methods to initiate an RDP on a local network, and over the web. RDP over local network:
RDP over Internet connection:
Of course, the “Allow remote connections to this computer” option in System Properties must be enabled for remote connection to work over the Internet or a local network. However, there has been lots of complaint lately that the option to enable RDP on the computer is both greyed out and disabled. This means that users are unable to enable the option and start Remote Desktop. If you are one of the affected users, you can use the steps below to fix the Remote Desktop option greyed out issue on Windows 10. Windows 10 allow Remote Desktop access grayed out and won't let me change options
Archived Forums >Windows 10 Virtualization
Answers
All replies
Why is Remote Desktop option greyed out?Many users have reported that sometimes the Remote Desktop option is greyed out when they were trying to connect Windows 11/10/8.1/8/7 computer remotely. This normally refers to the “Allow remote connections to this computer” option is invariable and by default, and the“Don’t allow remote connections to this computer” option is invariable and checked, as shown in the following screenshot. This means that users are unable to enable the option and start Remote Desktop. If the remote desktop connection is greyed outand by default, then this almost probably happens due to a Policy setting. To enable remote desktop settingsin Windows 10 its necessary to change some settings Remote Desktop option is greyed out:Note:Modifying the Registry is risky, and it causes irreversible damage to your OS Installation Follow the steps correctly. Friendly advice Before Modifying RegistryCreating Restore Pointis recommended. Open run command by pressingWindows + Rand typeRegeditand hit enter. This command will open the Registry Editor console. Now Navigate to the following location. Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services From the Left-hand side click on the Terminal Services and from the right-hand side, you can see the DWORD value named fDenyTSConnections. Double click on the DWORD and modify the value according to the table below. 0 -Allow users to connect remotely using Terminal Services / Remote Desktop 1 – Disallow users to connect remotely using Terminal Services / Remote Desktop Enter the value and click on OK. Restart the system once and check, Mostly this method will fix the issue. 30 Replies
· · ·
Poblano OP
Michael9006 May 20, 2013 at 16:08 UTC
If I'm following your question correctly, I think you may need to do thefollowing: 1) Set up a group and add those users to it. (We user a group called "Remote Users." 2) Add your new Remote Users group to the Remote Desktop Users group on your terminal server. Does that make sense? 0
· · ·
Poblano OP
GrayBeard
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.
Michael, I will try your suggestion but I find it odd that I already have a "remote desktop users" group in AD and even though I can add users to that group I still receive the error message like they don't have permission. I have also added each user individually under the "remote settings" tab on the server. 0
· · ·
Poblano OP
GrayBeard
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.
I still receive the error message "you must be granted the All logon through terminal services right" 0
· · ·
Jalapeno OP
Talk Nerdy 2 Me May 20, 2013 at 16:23 UTC
Check these:
Computer management - users properties - Terminal Services Profile - Deny logon to Terminal Server. 1
· · ·
Habanero OP
Sean Donnelly
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.
Check out your Group Policy in this path Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections and Enable "allow users to connect remotely by using Remote Desktop Services". 1
· · ·
Poblano OP
GrayBeard
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.
talk nerdy, the secpol.msc allow logon option has the list of three users but the option to add users is greyed out. there seems to be another policy at work here. 0
· · ·
Habanero OP
Sean Donnelly
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.
That would most likely be group policy, do you have RSAT installed on your PC that could allow you to access Group Policy Management Console? If on a domain I believe this will take precedence and you need to manage through this way. Otherwise if you do not you can access on your domain controller and do as listed above. 0
· · ·
Poblano OP
GrayBeard
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.
Sean, I do not see Remote desktop services, only Terminal Services 0
· · ·
Poblano OP
GrayBeard
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.
sean, I was able to set the policy to "enable" and did a gpupdate on the server. still receiving the same error regarding the allow logon through terminal services right. 0
· · ·
Habanero OP
Sean Donnelly
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.
That should be it if under Windows 2003 domain Computer Configuration, Administrative Templates, Windows Components, Terminal Services, double-click the Allow users to connect remotely using Terminal Services = Enabled 0
· · ·
Jalapeno OP
Talk Nerdy 2 Me May 20, 2013 at 16:49 UTC
mrtimyork wrote:
Are you on a domain? 0
· · ·
Habanero OP
Sean Donnelly
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.
Try to do a gpupdate /force to do a background and foreground refresh and then try using RDC to the server. 0
· · ·
Poblano OP
GrayBeard
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.
yes 0
· · ·
Jalapeno OP
Talk Nerdy 2 Me May 20, 2013 at 17:01 UTC
OK then you need to make these changes at the domain level. Let me be more specific so we know we are in the right place.
Computer Configuration –> Windows Settings –> Security Settings –> Local Policies –> User Rights Management 0
· · ·
Poblano OP
GrayBeard
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.
talk nerdy, I am there but "add user or group" is still greyed out. i see two additional users listed her besides the administrator and i need to add two more. 0
· · ·
Jalapeno OP
Talk Nerdy 2 Me May 20, 2013 at 17:12 UTC
Are you on the domain controller? 0
· · ·
Jalapeno OP
Talk Nerdy 2 Me May 20, 2013 at 17:17 UTC
Run "rsop.msc" on the Terminal Server. Then change the "Allow log through terminal services" settings. 0
· · ·
Ghost Chili OP
Semicolon
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.
If the option is greyed out it is most likely because a group policy has been applied to the server whereby remote desktop users is a restricted group for which membership can only be controlled in that group policy. 0
· · ·
Jalapeno OP
Talk Nerdy 2 Me May 20, 2013 at 17:27 UTC
Exactly. If you use RSOP.msc the "Precedence" TAB will tell you which policy you need to edit. 1
· · ·
Habanero OP
Sean Donnelly
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.
Can we check something to see if your policy is being applied on the server? Go into regedit on the affected server and then locate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server and then the DWORD value of fDenyTSConnections, to enable it should be set 0 to deny it should be 1, what do you see? 0
· · ·
Jalapeno OP
Talk Nerdy 2 Me May 20, 2013 at 17:29 UTC
It should in most cases be "Default Domain Controllers" policy. This may differ if you have created a custom policy or if you have a dedicated Terminal services server, which is probably best practice but not the most common. Most 2008 networks have the Domain controller configured as the primary services provider for just about every service including Terminal services. 0
· · ·
Jalapeno OP
Talk Nerdy 2 Me May 20, 2013 at 17:32 UTC
He hasn't gotten that far yet. He is still unable to add the users he needs to the allow logon policy. This is likely due to attempting to edit the policy on the local machine instead of the terminal server or from a custom GPO instead of the default one for that server. 0
· · ·
Ghost Chili OP
Semicolon
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.
It should be 0 - because he's actually getting a connection; just unable to login. 0
· · ·
Ghost Chili OP
Semicolon
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.
None of the settings referenced above are going to grey out the "add/remove" function from the local Remote Desktop Users group. In your group policy management console, you'll want to review the Group Policy Results for the subject server. Review any configured settings in the following area: Computer Config -> (Policies ->) Windows Settings -> Security Settings-> Restricted Groups You should see an entry somewhere for "Remote Desktop Users," when you find this setting, you will need to add the appropriate Domain account/groups here, or un-configure the setting so that the Local Add/Remove Users/Groups box is available for selection and you can apply these restrictions on a server by server basis. Additionally, on the server you could go into the local policy on the server in question, (gpedit.msc) and manually adjust these settings (I wouldn't recommend it, just because if it's not in the Domain GPO, somebody's going to forget about this setting) Computer Config -> (Policies ->) Windows Settings -> Security Settings-> Local Policies -> User Rights Assignment: "Allow log on through remote desktop (terminal) services," and add the users/groups in this box. 1
This topic has been locked by an administrator and is no longer open for commenting. To continue this discussion, please ask a new question. "Allow users to remotely connect to this computer" Remote Desktop option is grayed out
Click Start, Run. Type GPEDIT.MSC and press Enter. Navigate to: Computer configuration | Administrative Templates | Windows Components | Terminal Services In the right-pane, double-click Allow users to connect remotely using Terminal Services Set it to Not configured An excerpt from the GPEDIT.MSC help Specifies whether to allow users to connect remotely using Terminal Services. You can use this setting to configure Terminal Services remote access for the target computers. If the status is set to Enabled, users can connect to the target computers remotely using Terminal Services. You can limit the number of users who can connect simultaneously by configuring the "Limit number of connections" setting or the "Maximum Connections" option on the Network Adapter tab in the Terminal Services Configuration tool. If the status is set to Disabled, the target computers maintain current connections, but will not accept any new incoming connections. If the status is set to Not Configured, Terminal Services uses the "Allow users to connect remotely to your computer" option on the target computer to determine whether remote connection is allowed. This option is found on the Remote tab in System Properties. Note that Remote Desktop is based on Terminal Services Equivalent REG value for this Policy setting [HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services] Value named fDenyTSConnections
x x |