Windows Server Remote Desktop (RDP)

Black screen in RDP

Problem

When connecting via RDP to a domain controller with a domain user (a member of the Domain Admins group, but not the Administrator user), the screen stays completely black after login. It is still possible, by pressing CTRL+ALT+END, to reach the service screen (Task Manager, Lock, Change password…).

Solution

Add Authenticated Users (NT AUTHORITY/Authenticated Users) and Interactive Logon (NT AUTHORITY/Interactive) to the local Users group.
On a domain controller, the group is the one found under Builtin\Users in Active Directory.

Alternatively, the following commands can be used:

Net localgroup Users Interactive /add
Net localgroup Users "Authenticated Users" /add

Reference documentation:
https://support.microsoft.com/en-us/kb/970879
https://social.technet.microsoft.com/Forums/en-US/31b681c5-3658-45a5-8158-a0a0f967c4a2/rdp-screen-goes-black-after-successful-remote-login?forum=winserverTS

Allowing RDP access to a domain controller for a non-administrator user

By default, only members of the Domain Admins group have RDP access to the domain controllers.

Local groups on the domain controller can be managed from the command prompt or from Builtin in Active Directory Users and Computers.

You have to add the group or user to Builtin/Remote Desktop Users. However, after that a user still cannot connect to the DC using Remote Desktop.

The reason is that the ability to connect over RDP in Windows is determined by the Allow log on through Remote Desktop Services policy (in Windows 2003 or earlier this policy is called Allow log on through terminal services). After the server is promoted to a DC, only the Administrators group is left in this policy.

To allow members of the Remote Desktop Users group to connect to the domain controllers, you need to:

  • Start the local policy editor (gpedit.msc) for the Default domain controller policy
  • Go to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment
  • Find the policy Allow log on through Remote Desktop Services
  • Edit the policy by adding the local group Remote Desktop Users (like this: Builtin\Remote Desktop Users), a domain user, or a group (like this: domain\somegroupname) to it
  • Update the local policies by running gpupdate /force
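
To confirm the result of the steps above, the following added example (not part of the original page) exports the effective user rights with secedit and lists who holds SeRemoteInteractiveLogonRight, the internal name of Allow log on through Remote Desktop Services. The helper name, the scratch file path, the constructed sample line and the expected-holder baseline are assumptions made for illustration.

```powershell
# Added example: who holds "Allow log on through Remote Desktop Services"
# (SeRemoteInteractiveLogonRight) in the effective security policy of this DC?
function Get-RdpLogonRight {                      # hypothetical helper name
    param([string[]]$InfLines)                    # lines of a secedit /export file
    $line = $InfLines | Where-Object { $_ -match '^\s*SeRemoteInteractiveLogonRight\s*=' } |
        Select-Object -First 1
    if (-not $line) { return }                    # right not assigned to anyone
    foreach ($entry in (($line -split '=', 2)[1] -split ',')) {
        $id = $entry.Trim()
        if (-not $id) { continue }
        $name = $id                               # unresolved names are exported as-is
        if ($id.StartsWith('*')) {                # secedit writes SIDs as *S-1-...
            $id = $id.Substring(1)
            try {
                $sid  = [System.Security.Principal.SecurityIdentifier]$id
                $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
            } catch { $name = '(unresolved)' }
        }
        [pscustomobject]@{ Identity = $id; Name = $name }
    }
}

if (Get-Command secedit.exe -ErrorAction SilentlyContinue) {
    $cfg = Join-Path $env:TEMP 'user-rights.inf'  # assumed scratch file
    secedit.exe /export /areas USER_RIGHTS /cfg $cfg | Out-Null   # elevated prompt
    if ($LASTEXITCODE -ne 0) { throw 'secedit export failed; run elevated.' }
    $lines = Get-Content $cfg
    Remove-Item $cfg
} else {
    # Constructed sample of an export, used when secedit is not available.
    $lines = '[Privilege Rights]',
             'SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555'
}
$holders = @(Get-RdpLogonRight -InfLines $lines)
$holders | Format-Table -AutoSize

# Assumed baseline after the steps above:
# S-1-5-32-544 = Builtin\Administrators, S-1-5-32-555 = Builtin\Remote Desktop Users
$expected = 'S-1-5-32-544', 'S-1-5-32-555'
$holders | Where-Object { $_.Identity -notin $expected } |
    ForEach-Object { Write-Warning "Review holder: $($_.Identity) ($($_.Name))" }

# Every member of this group can now log on to the DC over RDP.
if (Get-Command net.exe -ErrorAction SilentlyContinue) { net.exe localgroup 'Remote Desktop Users' }
```

A domain user or group added directly to the policy shows up as a warning, which makes it easy to review each non-default identity that can reach the domain controller over RDP.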