Network security policies or measures help ensure data privacy and prevent unauthorized access. This article discusses an access error, “The system administrator has restricted the types of logon (network or interactive) that you may use”, that users commonly encounter while trying to connect to a Remote Desktop in a Windows network, along with possible solutions to resolve it.
What does “The system administrator has restricted the types of logon (network or interactive) that you may use” indicate?
This error, encountered while trying to connect to a remote desktop, indicates that the connection needs Network Level Authentication to establish the line of communication successfully.
Additionally, it confirms that the user trying to establish the connection to the remote system is not a member of the Remote Desktop Users group and, hence, doesn’t have the necessary permission from the Administrator.
Fix “The system administrator has restricted the types of logon (network or interactive) that you may use”
Resolving the “The system administrator has restricted the types of logon (network or interactive) that you may use” error requires a thorough check of the user rights and a modification of the network settings, as detailed below:
- Modify the user’s group membership or user rights assignment
- Turn off Network Level Authentication (NLA)
- Use remote desktop clients for other versions
1] Modify the user’s group membership or user rights assignment
Changing the user’s group membership or user rights assignment allows granting or revoking specific privileges. This can help resolve the error by ensuring the user has the necessary network or interactive login permission. To do so:
- Open the Security Policy Editor by typing secpol.msc in the Run dialogue box.
- Navigate to Security Settings > Local Policies > User Rights Assignment
- Check for the option Allow log on through Remote Desktop Services on the right pane.
- Double-click on it to open its Properties and check if the concerned username is listed.
- Click on Add User or Group to add the user experiencing the error.
Once done, check whether the connection works; if needed, ask the administrator to check the permission.
2] Turn off Network Level Authentication (NLA)
Network Level Authentication, or NLA, requires user authentication before establishing the network connection. Turning it OFF can help bypass the restrictions imposed by the administrator on the login types, allowing the user to log in and connect to the system. To turn off the NLA:
- Navigate to C:\Users\<User Name>\Documents\Default.rdp file.
- Right-click on it, click Open with and select Notepad from the list of applications.
- Add the lines below, each on its own line, and save the changes:
enablecredsspsupport:i:0
authentication level:i:0
enablecredsspsupport:i:0 indicates that CredSSP (Credential Security Support Provider), the mechanism that transfers credentials between computers, is disabled, as indicated by i:0.
authentication level:i:0 refers to the level of authentication required during the Remote Desktop connection, which is disabled by the value i:0. With this value the client connects even if it cannot verify the identity of the server.
Note: Disabling the NLA can compromise the system’s security, so it should be done in consultation with the system administrator.
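Because these two lines weaken the connection, an administrator may want to find .rdp files that contain them. The following is an added example, not part of the original article: a small Python audit that parses the name:type:value lines of an .rdp file and reports both settings when set to 0. The sample file content and host name are constructed, and the example assumes files are either UTF-16 with a byte-order mark or UTF-8.

```python
import codecs

# The two settings from this article; the value 0 is the weakened state.
WEAK_SETTINGS = {
    "enablecredsspsupport": "CredSSP disabled, so the client cannot use NLA",
    "authentication level": "client connects even if server authentication fails",
}

# Constructed sample: a Default.rdp edited as described above, UTF-16 with BOM.
SAMPLE = (
    "full address:s:rdp-host.example.test:3389\r\n"
    "screen mode id:i:2\r\n"
    "enablecredsspsupport:i:0\r\n"
    "authentication level:i:0\r\n"
).encode("utf-16")

def decode_rdp(raw: bytes) -> str:
    """Decode .rdp bytes (assumption: UTF-16 with BOM, otherwise UTF-8)."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")

def parse_rdp(text: str):
    """Yield (line number, name, value) for each well-formed 'name:type:value' line."""
    for lineno, line in enumerate(text.splitlines(), start=1):
        parts = line.strip().split(":", 2)  # the value itself may contain ':'
        if len(parts) != 3 or parts[1] not in ("i", "s", "b"):
            continue  # blank or malformed line
        name, kind, value = parts[0].strip().lower(), parts[1], parts[2].strip()
        if kind == "i":
            try:
                value = int(value)
            except ValueError:
                continue  # integer setting with a non-numeric value
        yield lineno, name, value

def audit_rdp(raw: bytes) -> list:
    """Return (line number, setting, reason) for every weakened setting found."""
    return [
        (lineno, name, WEAK_SETTINGS[name])
        for lineno, name, value in parse_rdp(decode_rdp(raw))
        if name in WEAK_SETTINGS and value == 0
    ]

if __name__ == "__main__":
    for lineno, name, reason in audit_rdp(SAMPLE):
        print(f"line {lineno}: {name}:i:0 -> {reason}")
```

To check a real file, pass its bytes to audit_rdp, for example the contents of the Default.rdp file from the Documents folder mentioned above.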
3] Use remote desktop clients for other versions
If the steps mentioned above fail to resolve the issue, we can try connecting to the target system from a different PC/Laptop using an older or newer version of RDP as a workaround. This particular step can help us identify if the problem is with the version of RDP being used or if any configuration-related issue on the source system is responsible for the error.
Why is RDP not authenticating?
Network Level Authentication (NLA) requires RDP users to be members of the Remote Desktop Users group and have the “Access this computer from the network” user right assigned. If either condition is not met, you may encounter connection issues.
How do I turn off RDP using Group Policy?
An IT admin can create or edit a Group Policy Object for this. Expand Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections, then set the policy “Allow users to connect remotely by using Remote Desktop Services” to Disabled.