Error message when you use Remote Desktop Connection to connect to a Windows Vista-based computer: "The requested session access is denied"

Article translations Article translations
Article ID: 954369 - View products that this article applies to.
Expand all | Collapse all

On This Page

SYMPTOMS

When you use Remote Desktop Connection to connect to a Windows Vista-based computer, you receive an error message that resembles the following:
The requested session access is denied.

CAUSE

To use Remote Desktop Connection to connect to a Windows Vista-based computer, you must be a member of the Remote Desktop Users local group on the Windows Vista-based computer. Additionally, even if you enable the Allow users to connect remotely using Terminal Services policy setting, you still have insufficient permissions to allow a remote connection.

Note The Allow users to connect remotely using Terminal Services policy setting is in the following location:
Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Connections\

RESOLUTION

To enable users to connect remotely to a terminal server, you must make sure that all the following conditions are true:
  • Remote Desktop is enabled on the terminal server.
  • Users have the appropriate rights and permissions to log on remotely to the terminal server.
To resolve this issue in a domain environment, use Group Policy to configure all terminal servers centrally. For detailed information about how to do this, visit the following Microsoft Web site:
http://technet2.microsoft.com/windowsserver/en/library/51c1def5-8840-4a6e-83af-e542038316671033.mspx?mfr=true
Additionally, you must add the user group to the Remote Desktop Users group. To do this, use Group Policy to enable the Allow users to connect remotely using Terminal Services policy setting.

How to add a domain group to the Remote Desktop Users group by using Group Policy

  1. Open the Group Policy Management Console (GPMC). To do this, click Start, click Run, type GPMC.msc, and then press ENTER.
  2. Create and link a GPO that is named Restricted Groups to the terminal server organizational unit (OU).
  3. Right-click the Restricted Groups GPO that is linked to the terminal server OU, and then click Edit.
  4. Configure the Restricted Groups setting in the following location in Group Policy Object Editor:
    Computer Configuration\Windows Settings\Security Settings\Restricted Groups\
  5. Right-click Restricted Groups, and then click Add Group.
  6. Click Browse, click Locations, select the locations that you want to browse, and then click OK.
  7. Type Remote Desktop Users in the Enter the object names to select box, and then click Check Names. Or, click Advanced, and then click Find Now to list all available groups.
  8. Click the Remote Desktop Users group, and then click OK.
  9. In the Add Groups dialog box, click OK to close it.

    The Remote Desktop Users Properties dialog box opens.
  10. In the Members of this group section, click Add.
  11. Click Browse.
  12. In the Select Users or Groups dialog box, type the name of the domain group.
  13. Click Check Names, and then click OK to close the dialog box.
  14. Click OK to close the dialog box and to finish adding the domain group to the Remote Desktop Users group.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

Properties

Article ID: 954369 - Last Review: July 3, 2008 - Revision: 1.1
APPLIES TO
  • Windows Vista Enterprise 64-bit Edition
  • Windows Vista Ultimate 64-bit Edition
  • Windows Vista Business 64-bit Edition
  • Windows Vista Business
  • Windows Vista Enterprise
  • Windows Vista Ultimate
Keywords: 
kbtshoot kbexpertiseinter kbprb KB954369

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com