This topic describes how to resolve the issue that the following error message appears when you connect to a Windows Elastic Compute Service (ECS) instance by using Remote Desktop: The connection was denied because the user account is not authorized for remote login.
Problem description
You cannot connect to a Windows ECS instance by using Remote Desktop and receive the following error message: The connection was denied because the user account is not authorized for remote login.
Cause
The preceding issue may be caused by incorrect configurations of permissions on Windows Remote Desktop. You can use one of the following solutions to resolve the issue:
Solutions
Use one of the following solutions based on your business requirements. In this example, an ECS instance that runs Windows Server 2019 or later is used.
Solution 1: Troubleshoot the User Rights Assignment settings in the group policy
Connect to the Windows ECS instance by using Virtual Network Computing (VNC).
For more information, see Connect to a Windows instance by using a password.
Click the Type here to search box in the lower-left corner of the instance desktop, enter run, and then press the Enter key. In the Run dialog box, enter
secpol.mscand click OK to open the Local Security Policy window.
Choose Local Policies > User Rights Assignment > Allow log on through Remote Desktop Services.
Check whether the Remote Desktop Users group exists.
If the Remote Desktop Users group does not exist, proceed to the next step.
If the Remote Desktop Users group exists, perform operations described in the Solution 2: Troubleshoot the user group attributes of your user section of this topic.
(Optional) If the Remote Desktop Users group do not exist, click Add User or Group to add the group. Then, click OK.
Solution 2: Troubleshoot the user group attributes of your user
Connect to the Windows ECS instance by using VNC.
For more information, see Connect to a Windows instance by using a password.
Click the Type here to search box in the lower-left corner of the instance desktop, enter run, and then press the Enter key. In the Run dialog box, enter
lusrmgr.mscand click OK to open the Local Users and Groups window.
In the left-side navigation pane, click Users. Double-click the username that you used in the failed attempt to connect to the instance.
In the user properties window that appears, click the Member Of tab. Make sure that the user is a member of the user group that is granted the remote logon permissions in Solution 1: Troubleshoot the User Rights Assignment settings in the group policy, as shown in the following figure.
(Optional) If the user group does not exist, click Add to add the user group. Then, click OK.
In the user properties window, click the Remote control tab. Make sure that Enable remote control is selected, as shown in the following figure.
