I have searched and searched and can't find the answer to my problem. I am the admin/enterprise admin of our network. We have a domain controller that holds all users and groups.
Users on workstations can locally log into computers without any problems. However, if they are not a domain admin they can't utilize remote desktop connection. They can open the application and connect, but when they connect it says "The Local Policy of this System does not allow you to log on interactively".
With that being said, I have checked to ensure that the particular user is in the remote desktop group. I have gone into the domain controller and double checked the security policy. (gpedit.msc > windows settings > security settings > local policies > user rights >)
Remote desktop users are under allow log on through terminal services. Nothing is in the field deny logon through terminal services.
Right clicking the user in active directory and going to the dial in tab, the user is set to allow. When the member is not part of the domain admin but part of the remote desktop group it doesn't work. But if you add them to the domain admin group it works. I can't find where it's going wrong. I have run gpupdate /force on the computers. It is every computer in our network, so it's not just 1 machine.
It also isn't just the one user, because anyone in the remote desktop group by itself doesn't work; however, for anyone with domain access it does. Running rpol.msc on computers shows the computer supports remote desktop users under allow log on locally. I am out of ideas and have tried everything.
Any input thx