
How to Allow or Prevent Users and Groups to Log on with Remote Desktop in Windows 10

Remote Desktop Protocol (RDP) is a Windows feature that allows users to log on through Remote Desktop Services over a network. IT teams use it to troubleshoot issues directly on endpoints from a distance, and it makes remote work easier by letting employees access their computers regardless of where they are. By controlling which users and groups may log on over RDP, you can restrict entry to endpoints, enhance security, and eliminate unauthorized logins.

How to allow users or groups to log in via Remote Desktop

Option 1: Allow users via System Properties

System Properties is a Microsoft Windows feature for editing operating system settings. Here, you can manage your hardware and change operating system settings, connectivity, user profiles, and security. Here are the steps to allow a user or group to log on through Remote Desktop Services:

  1. Open Settings and go to System > Remote Desktop.
  2. Under User Accounts, click Select Users That Can Remotely Access this PC.
  3. In the Remote Desktop Users window, click Add.
  4. Enter the username or group you want to allow.
  5. Click OK, then apply changes.

Option 2: Allow users via Computer Management

Computer Management is a console that gives you access to various administrative tools. It lets you manage your Windows system’s hardware, software, and network components. To allow users to log on over RDP via Computer Management, use this process:

  1. You can open Computer Management by searching for it using the Start menu.
  2. Go to Local Users and Groups, then proceed to Groups.
  3. Double-click Remote Desktop Users.
  4. Click Add, enter the user or group name, and finally click OK.

Option 3: Allow users via Local Group Policy Editor (Pro & Enterprise Editions)

The Local Group Policy Editor is a Microsoft Management Console tool that lets you configure and modify Group Policy permissions, which makes it an essential part of managing RDP access. It is vital for changing the settings of multiple users and computers in a network environment.

To allow log-on through Remote Desktop Services using the Local Group Policy Editor, follow this procedure:

  1. Open Local Group Policy Editor.
  2. Navigate to Computer Configuration, go to Windows Settings, and then proceed to Security Settings. After this, go to Local Policies and, finally, go to User Rights Assignment.
  3. Look for Allow log on through Remote Desktop Services, and double-click it.
  4. Click Add User or Group, enter the user or group, and click Confirm.

How to prevent users or groups from logging in via Remote Desktop

Option 1: Remove users from Remote Desktop Access in System Properties

  1. Open Settings, proceed to System, and then find and select Remote Desktop.
  2. Click Select Users That Can Remotely Access this PC.
  3. Select the user or group you want to remove and click Remove.

Option 2: Remove users via Computer Management

  1. Open Computer Management, then proceed to Local Users and Groups, and finally, Groups.
  2. Next, double-click Remote Desktop Users.
  3. Select the user or group and click Remove.

Option 3: Prevent users via Group Policy Editor (Pro & Enterprise editions)

  1. Open Local Group Policy Editor.
  2. Navigate to Computer Configuration, then click Windows Settings. Next, select Security Settings, proceed to Local Policies, and lastly, User Rights Assignment.
  3. Find Deny log on through Remote Desktop Services, and double-click it.
  4. Click Add User or Group, enter the corresponding information, and click Confirm.
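The Computer Management steps above (adding to or removing from the Remote Desktop Users group) can also be scripted. The following is an added example, not part of the original article or any NinjaOne script; `Set-RdpGroupAccess` is a hypothetical helper name and `CONTOSO\jdoe` is a constructed sample account. It addresses the group by its well-known SID because the group's display name is localized.

```powershell
#Requires -RunAsAdministrator
# Added example: Set-RdpGroupAccess is a hypothetical helper, not a built-in cmdlet.
function Set-RdpGroupAccess {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Account or group to change, e.g. 'CONTOSO\jdoe' (constructed sample).
        [Parameter(Mandatory)][string]$Principal,
        [Parameter(Mandatory)][ValidateSet('Allow', 'Remove')][string]$Action
    )

    # Well-known SID of the built-in Remote Desktop Users group.
    $groupSid = 'S-1-5-32-555'

    # Resolve the name to a SID first, so a mistyped name fails before any change.
    $sid = ([System.Security.Principal.NTAccount]$Principal).Translate(
        [System.Security.Principal.SecurityIdentifier])

    $isMember = (Get-LocalGroupMember -SID $groupSid).SID.Value -contains $sid.Value

    if ($Action -eq 'Allow' -and -not $isMember) {
        if ($PSCmdlet.ShouldProcess($Principal, 'Add to Remote Desktop Users')) {
            Add-LocalGroupMember -SID $groupSid -Member $Principal
        }
    }
    elseif ($Action -eq 'Remove' -and $isMember) {
        if ($PSCmdlet.ShouldProcess($Principal, 'Remove from Remote Desktop Users')) {
            Remove-LocalGroupMember -SID $groupSid -Member $Principal
        }
    }

    # Re-read the group and report the resulting state rather than assuming success.
    [pscustomobject]@{
        Principal = $Principal
        Sid       = $sid.Value
        InGroup   = (Get-LocalGroupMember -SID $groupSid).SID.Value -contains $sid.Value
    }
}

# Preview the change without applying it:
#   Set-RdpGroupAccess -Principal 'CONTOSO\jdoe' -Action Remove -WhatIf
```

This changes group membership only; entries in the Allow and Deny log on through Remote Desktop Services policies are not touched.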

Who can use Remote Desktop?

Administrators primarily use Remote Desktop. They can access it by default, letting them tweak settings, add users, and restrict access to specific users and groups. Meanwhile, standard users must be added to the Remote Desktop Users group by an administrator or by someone else with the right permissions.

Troubleshooting Remote Desktop access issues

On some occasions, even if you allow users to log on to a Remote Desktop connection, these issues may come up:

The user cannot connect via Remote Desktop after being added.

  1. Be sure to check if the user account is part of the Remote Desktop Users group on the target computer. You can verify user permissions by going to Computer Management > Local Users and Groups, and selecting Groups.
  2. After this, proceed to System Properties, then the Remote Desktop tab.
  3. Ensure that Enable Remote Desktop is set to On.
  4. Click on Advanced Settings and verify the Remote Desktop Port.

The user is getting an “Access Denied” error when logging in

Some issues may arise after you allow logging on through Remote Desktop Services. Here are the most common problems and how to troubleshoot them.

  1. Ensure the user is not listed on the Deny log on through Remote Desktop Services policy. To check:
    • Use the Win + R keys to open the Run dialog box, and type secpol.msc. Press Enter. This will open the Local Security Policy window.
    • In the left pane of Local Security Policy, expand Local Policies, then click on User Rights Assignment.
    • This window will show users and groups denied access to Remote Desktop Services.
  2. Confirm that the Windows Firewall rules allow Remote Desktop connections. To check:
    • Go to the Control Panel, select System and Security, then click Windows Firewall.
    • Pick Allow an app or feature through Windows Firewall.
    • Make sure that Remote Desktop has been checked.
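The troubleshooting checks above (group membership, the Deny policy, whether Remote Desktop is enabled, the port, and the firewall rules) can be collected in one pass. This is an added example, not code from the original article; `Get-RdpAccessReport` is a hypothetical helper name, and the firewall lookup assumes an English-language Windows install where the rule group is displayed as "Remote Desktop".

```powershell
#Requires -RunAsAdministrator
# Added example: Get-RdpAccessReport is a hypothetical helper, not a built-in cmdlet.
function Get-RdpAccessReport {
    $ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

    # Export only the user-rights section of the local security policy.
    $cfg = Join-Path $env:TEMP "rdp-rights-$PID.inf"
    secedit.exe /export /cfg $cfg /areas USER_RIGHTS | Out-Null

    $rights = @{}
    foreach ($line in Get-Content -Path $cfg) {
        if ($line -match '^(Se(?:Deny)?RemoteInteractiveLogonRight)\s*=\s*(.+)$') {
            $name = $Matches[1]
            # Entries are "*<SID>" or plain account names; translate SIDs where possible.
            $rights[$name] = @($Matches[2].Split(',') | ForEach-Object {
                $id = $_.Trim().TrimStart('*')
                try {
                    ([System.Security.Principal.SecurityIdentifier]$id).Translate(
                        [System.Security.Principal.NTAccount]).Value
                } catch { $id }   # unresolvable SID or already a name: keep as exported
            })
        }
    }
    Remove-Item -Path $cfg -Force

    # Enabled inbound allow rules in the Remote Desktop group (English display name).
    $fw = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }

    [pscustomobject]@{
        # fDenyTSConnections = 0 means Remote Desktop is switched on.
        RemoteDesktopEnabled = ((Get-ItemProperty -Path $ts).fDenyTSConnections -eq 0)
        Port                 = (Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp").PortNumber
        # S-1-5-32-555 is the well-known SID of Remote Desktop Users.
        GroupMembers         = @((Get-LocalGroupMember -SID 'S-1-5-32-555').Name)
        AllowLogonRight      = $rights['SeRemoteInteractiveLogonRight']
        # A deny entry overrides both group membership and the allow right.
        DenyLogonRight       = $rights['SeDenyRemoteInteractiveLogonRight']
        FirewallAllowRules   = @($fw.DisplayName)
    }
}

Get-RdpAccessReport | Format-List
```

An account that appears under GroupMembers but also under DenyLogonRight, directly or through a group, is the usual explanation for the "Access Denied" case.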

Frequently Asked Questions (FAQs)

How can you check which users have Remote Desktop Access?

To check which users have Remote Desktop Protocol access, go to the Local Computer Management and check the settings. Here’s how:

  1. Use the shortcut Win + R to open the Run dialog box.
  2. Type lusrmgr.msc and press Enter, bringing you to the Local Computer Management interface.
  3. Next, expand the Local Users and Groups interface.
  4. Click on Groups to see which groups have access.
  5. To check which users have access, select the Remote Desktop Users group.

Can you allow users to log on through Remote Desktop Services while blocking others?

Yes. With Local Group Policy Editor, you can restrict certain users and programs from logging in to Remote Desktop Connection.

Why is Remote Desktop not available in Windows Home?

Remote Desktop can only be accessed in the Windows Pro and Windows Enterprise editions. Windows Home editions do not have the built-in RDP server functionality.

Does removing a user from Remote Desktop also remove their local access?

It does not. Removing a user from the Remote Desktop Users group will not remove their local access to their computer. It will only revoke their remote access, not remove their ability to log in locally.

Why prevent and allow users to log on through Remote Desktop Services?

There are many ways to check and tweak remote desktop settings, including checking who has access. Options include using Windows’ system settings, accessing Computer Management, and the Group Policy Editor, all of which provide different methods to manage RDP access. Moreover, it’s a great way to control a PC remotely.

Overall, Remote Desktop lets IT teams and organizations work seamlessly and productively. It allows users to access their work files remotely, enabling them to attend to their tasks from a distance. Meanwhile, IT teams and troubleshooters can fix issues remotely if needed. Your team will work better in the long run if this feature is part of your organization’s workflow.
