The Windows Club

TheWindowsClub covers authentic Windows 11, Windows 10 tips, tutorials, how-to's, features, freeware. Created by Anand Khanse, MVP.

To sign in remotely, you need the right to sign in through Remote Desktop Services

Download Windows Speedup Tool to fix errors and make PC run faster

If you receive the error message “To sign in remotely, you need the right to sign in through Remote Desktop Services” when trying to connect from Windows Remote Desktop (RDP) Client machines on a Windows Server that is running Remote Desktop Services, then this post is intended to help you. In this post, we will provide the appropriate solution you can try to mitigate the issue.

To sign in remotely, you need the right to sign in through Remote Desktop Services

When you encounter this issue, you’ll receive the following full error message:

To sign in remotely, you need the right to sign in through Remote Desktop Services. By default members of the Administrators group have this right. If the group you’re in does not have the right, or if the right has been removed from the Administrators group, you need to be granted the right manually.

To sign in remotely, you need the right to sign in through Remote Desktop Services

To fix the error message, ‘To sign in remotely, you need the right to sign in through Remote Desktop Services‘, you can apply the 2-step solution described below on the Remote Desktop Services (RDS) Windows Server.

  1. Add Remote Desktop Users to the Remote Desktop Users Group
  2. Allow the log on through Remote Desktop Services

Let’s take a look at the description of the process involved in the 2-step solution as it concerns each step.

1] Add Remote Desktop Users to the Remote Desktop Users Group

Active Directory users and computers in Server Manager

To add Remote Desktop Users to the Remote Desktop Users Group, do the following:

  • Open Server Manager.
  • From Tools menu, select Active Directory Users and Computers.

If the RD Session Host Server is not installed on the Domain Controller, use the Local Users and Groups snap-in or the Remote tab in the System Properties, to add the Remote Desktop Users.

  • Double click at your domain on the left and then select Builtin.
  • Open Remote Desktop Users on the right pane.
  • At Members tab, click Add.
  • Type the AD users that you want to give Remote access to the RDS Server.
  • Click OK.
  • After selecting the remote desktop users, click OK again to close the window.

Now, you can proceed with Step 2 below to resolve the issue

2] Allow the log on through Remote Desktop Services

Allow Log on through Remote Desktop services policy

To allow the log on through Remote Desktop Services, do the following:

  • Press Windows key + R to invoke the Run dialog.
  • In the Run dialog box type gpedit.msc and hit Enter to open Group Policy Editor.
  • Inside the Local Group Policy Editor, use the left pane to navigate to the path below:

Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment

  • At the right pane, double-click on Allow log on through Remote Desktop Services to edit its properties.
  • In the properties page that opens, click Add User or Group button.
  • Now, type remote and then click Check Names button.
  • Select the Remote Desktop Users from the list.
  • Click OK all through to exit Group Policy Editor.

Restart the RDS server or just open CMD prompt in admin/elevated mode and type the command below and hit Enter to apply the new group policy settings (without restart).

gpupdate /force

Once the command executes or the RDS Windows server reboots, you can try to connect from the Windows 11/10 remote desktop client – the issue should be resolved now.

If after updating the Group Policy settings, the problem is not resolved, apply the following modification at Group Policy Editor:

Navigate to the following path below:

Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment.

Then, open the Deny log on through Remote Desktop Services policy and remove the Users group.

Exit Group Policy Editor and run the gpupdate /force command.

Related read: An internal error has occurred error for Remote Desktop Connection.

What is the right to sign in through Remote Desktop Services?

The ‘right to sign in’ through Remote Desktop Services refers to the permissions or access rights required to log in remotely to a computer or server using Remote Desktop Protocol (RDP). To use Remote Desktop Services and connect via RDP, users must have specific permissions configured on the target computer or server. These permissions control who can establish a remote connection and what actions they can perform once connected.

How to allow users to connect remotely using Remote Desktop Services registry?

To allow users to connect remotely using Remote Desktop Services via the Windows Registry, open the Registry Editor on your Windows 11/10 PC and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server. In the right panel, locate the fDenyTSConnections key, double-click on it, and change the Value data from 1 (deny connections) to 0 (allow connections). To specify which users or groups can connect remotely, modify the UserAuthentication key under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp. ‘0’ allows only users who are members of the Remote Desktop Users group to connect. ‘1’ allows all users to connect (not recommended for security reasons unless required).

Read Next: Your credentials did not work in Remote Desktop on Windows.

Obinna@TWC

Obinna has completed B.Tech in Information & Communication Technology. He has worked as a System Support Engineer, primarily on User Endpoint Administration, as well as a Technical Analyst, primarily on Server/System Administration. He also has experience as a Network and Communications Officer. He has been a Windows Insider MVP (2020) and currently owns and runs a Computer Clinic.