All Products
Search
Document Center

Elastic Compute Service:What do I do if the error message that indicates lack of Terminal Server User Access permissions appears when I connect to a Windows instance by using Remote Desktop?

Last Updated:Mar 17, 2023

This topic describes how to resolve the issue that the error message that indicates lack of Terminal Server User Access permissions appears when you connect to a Windows Elastic Compute Service (ECS) instance by using Remote Desktop.

Problem description

When you use Remote Desktop to connect to a Windows instance from a on-premises client, the error message that indicates lack of Terminal Server User Access permissions appears.

Causes

The issue may occur because of the following reasons:

Solutions

Use one of the following solutions to resolve the issue based on the actual scenario. In the following examples, an instance that runs Windows Server 2012 is used.

Solution 1: Modify the local security policy

  1. Connect to the Windows instance by using Virtual Network Computing (VNC).

    For more information, see Connect to a Windows instance by using a password.

  2. Right-click the Start icon and select Run. In the Run dialog box, enter gpedit.msc and click OK to start Local Group Policy Editor.

  3. In the Local Group Policy Editor window, choose Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment.

  4. In the Policy directory, double-click Deny log on through Remote Desktop Services to open the Deny log on through Remote Desktop Services Properties window.

  5. In the Deny log on through Remote Desktop Services Properties window, check whether Remote Desktop Users and a domain user account used to connect to the instance exist. If Remote Desktop Users or the domain user account exist, delete them.

  6. In the Policy directory, double-click Allow log on through Remote Desktop Services to open the Allow log on through Remote Desktop Services Properties window.

  7. In the Allow log on through Remote Desktop Services Properties window, check whether Remote Desktop Users and a domain user account used to connect to the instance exist. If no Remote Desktop Users or domain user accounts exist, add a Remote Desktop user and a domain user account.

  8. Use the added user to log on to the Windows instance from another host. Make sure that you can connect to the Windows instance.

Solution 2: Grant the logon permissions to general users

  1. Connect to the Windows instance by using VNC.

    For more information, see Connect to a Windows instance by using a password.

  2. Go to the Computer Management window.

    1. Right-click the Start icon and select Server Manager.

    2. In the Server Manager window, click All Servers. In the SERVERS section, right-click the server that you use and click Computer Management.

  3. In the Computer Management window, choose System Tools > Local Users and Groups > Users and select New User. In the New User window, create a user. In this example, a user named test is created.

  4. After you create the user, right-click test. In the test Propertieswindow, click the Member of tab and then click Add to add the user to Remote Desktop Users. Then, general users can log on to the instance.

    Note

    Remote Desktop Users is the group that is granted the remote logon permissions. All users that are added to this group are granted the remote logon permissions.