‘Allow log on through Terminal Services Right’ error message

Complete error message: “To log on to this remote computer, you must be granted the Allow log on through Terminal Services right. By default, members of the Remote Desktop Users group have this right. If you are not a member of the Remote Desktop Users group or another group that has this right, or if the Remote Desktop User group does not have this right, you must be granted this right manually.”

You’ll find several articles on the internet telling you to make the user a member of the Remote Desktop Users group, but that’s not the whole story. Making the user a domain administrator will solve the problem, but you may not want to give the user these permissions!

Here’s how we fixed the ‘Allow log on through Terminal Services Right’ error message:

  • Add the user to the Remote Desktop Users group by editing the ‘Member Of’ list in their Active Directory Properties:
Active Directory User Properties, Member Of tab
  • Click Start | Run and execute gpedit.msc (Group Policy Object Editor).
  • Expand Local Computer Policy -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Management
  • Find the ‘Allow log on through Remote Desktop Services’ right.
Group Policy Object Editor, Allow log on through Terminal Services
  • Double click the policy to edit it, or right click and select Properties.
  • Add the User (or Group) you would like to have remote access into the box.
Allow log on through Terminal Services Properties
  • Click ‘Apply’ followed by ‘OK’ and the user will now be able to log on to Terminal Services.
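
To confirm the result of the steps above without clicking through the editor, the following added example (not part of the original post) parses a `secedit /export` file and reports which accounts hold the remote-logon right and whether the Remote Desktop Users group is among them. It assumes PowerShell 2.0 or later; the function names and the sample data are made up for illustration, and `SeRemoteInteractiveLogonRight` is the Windows constant behind this policy setting.

```powershell
# Added example: read the [Privilege Rights] section of a "secedit /export"
# file and report who holds (or is denied) the remote-logon right.
$RdpUsersSid = '*S-1-5-32-555'   # well-known SID: BUILTIN\Remote Desktop Users

function Get-RemoteLogonRight {
    param([string[]]$InfLines)
    $rights = @{ Allow = @(); Deny = @() }
    foreach ($line in $InfLines) {
        if ($line -match '^\s*(Se(?:Deny)?RemoteInteractiveLogonRight)\s*=\s*(.*)$') {
            $kind = if ($Matches[1] -like 'SeDeny*') { 'Deny' } else { 'Allow' }
            $rights[$kind] = @($Matches[2].Split(',') | ForEach-Object { $_.Trim() } | Where-Object { $_ })
        }
    }
    $rights
}

function Resolve-Principal([string]$Entry) {
    # secedit writes SIDs with a leading '*'; anything else is already a name
    if ($Entry -match '^\*(S-1-[\d-]+)$') {
        $sidText = $Matches[1]
        try {
            $sid = New-Object System.Security.Principal.SecurityIdentifier($sidText)
            $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch { $sidText }   # not resolvable here, e.g. a SID from another domain
    } else { $Entry }
}

function Test-RemoteLogonRight {
    param([string[]]$InfLines)
    $r = Get-RemoteLogonRight $InfLines
    New-Object PSObject -Property @{
        RdpUsersGroupHasRight = ($r.Allow -contains $RdpUsersSid)
        Allowed = @($r.Allow | ForEach-Object { Resolve-Principal $_ })
        Denied  = @($r.Deny  | ForEach-Object { Resolve-Principal $_ })  # a deny entry overrides an allow
    }
}

# Constructed sample of an export; the S-1-5-21-... SID is made up.
$sample = @(
    '[Privilege Rights]',
    'SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-1105',
    'SeDenyRemoteInteractiveLogonRight = Guest'
)
Test-RemoteLogonRight $sample | Format-List

# On the server itself, from an elevated prompt:
#   secedit /export /cfg "$env:TEMP\rights.inf" /areas USER_RIGHTS
#   Test-RemoteLogonRight (Get-Content "$env:TEMP\rights.inf") | Format-List
```

With the sample input, RdpUsersGroupHasRight is False: only Administrators and one individually granted account hold the right, so group membership alone would still produce the error.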

Hope this all helps! If there’s anything we’ve missed, then please let us know and help other people log in and use Terminal Services.

Note: instructions and screenshots created from a Windows Server 2003 operating system.