Logon Restrictions Enforced by System Administrator: Network or Interactive Access

Logon Restrictions Enforced by System Administrator: Network or Interactive Access

Network security policies or measures play a crucial role in ensuring data privacy and preventing unauthorized access. This article discusses a common access error: The system administrator has restricted the types of logon (network or interactive) that you may use. This error typically arises when users attempt to connect to a Remote Desktop in a Windows network. We will explore possible solutions to help resolve this issue.

The system administrator has restricted the types of logon

Understanding the Error: The system administrator has restricted the types of logon (network or interactive) that you may use

This error suggests that the connection attempt to a remote desktop requires network-level Authentication (NLA) for successful communication.

Furthermore, it indicates that the user trying to connect to the remote system is not a member of the Remote Desktop Users group, thus lacking the necessary permissions from the Administrator.

How to Fix The system administrator has restricted the types of logon (network or interactive) that you may use

To resolve the error The system administrator has restricted the types of logon (network or interactive) that you may use, a detailed examination of user rights and modifications in network settings is essential:

  1. Modify user group membership or user rights assignment
  2. Turn off Network Level Authentication (NLA)
  3. Use remote desktop clients of different versions

1] Modify User Group Membership or User Rights Assignment

Win Security Policy Remote Desktop Access

Changing the user’s group membership or user rights assignment allows for granting or revoking specific privileges, assisting in resolving the error by ensuring the user has the necessary network or interactive logon permissions. Here’s how:

  • Open the Security Policy Editor by typing secpol.msc in the Run dialog box.
  • Navigate to Security Settings > Local Policies > User Rights Assignment
  • Locate the option Allow log on through Remote Desktop Services in the right pane.
  • Double-click on it to open the Properties, and check if the affected username is listed.
  • Click on Add User or Group to include the user experiencing the error.
Security Policy Add User Rights

Once completed, ensure to verify permissions; the admin should review them if necessary.

2] Turn Off Network Level Authentication (NLA)

Rdp File Location

Network Level Authentication (NLA) mandates user authentication prior to establishing a network connection. Disabling it can help circumvent any restrictions imposed by the administrator on login types, enabling the user to log in and connect to the system. To disable NLA:

  • Navigate to the C:\Users\\Documents\Default.rdp file.
  • Right-click on it, select Open with, and choose Notepad from the application list.
  • Add the following commands and save the changes:

enablecredsspsupport:i:0

authentication level:i:0

enablecredsspsupport:i:0: This command disables the Credential Security Support Provider (CredSSP) process for transferring credentials between computers.

authentication level:i:0: This command indicates that the authentication level required for the Remote Desktop connection is being disabled.

3] Use Remote Desktop Clients of Different Versions

If the previous steps do not resolve the issue, consider attempting to connect to the target system from a different computer or laptop using an older or newer version of the Remote Desktop Protocol (RDP) as a workaround. This may help identify if the problem lies with the RDP version or if it relates to a configuration issue on the source system.

Why Is RDP Not Authenticating?

Network Level Authentication (NLA) requires Remote Desktop Protocol (RDP) users to be members of the Remote Desktop Users group and possess the “Access this computer from the network”user right. If either of these conditions is unmet, connection issues may arise.

How Do I Turn Off RDP Using Group Policy?

An IT administrator can create or edit Group Policy Objects by expanding Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections. This allows the admin to disable remote connections using Remote Desktop Services.

Source

Leave a Reply

Your email address will not be published. Required fields are marked *