SCM Windows Server 2016 – Member Server Baseline

I was recently hardening some VM templates for a customer. When applying the “SCM Windows Server 2016 – Member Server Baseline – Computer” with LGPO.exe it blocked RDP access to the machine. Here’s the Local Security Policies that need to be changed to restore RDP access:

LocationSettingChange
Local Computer Policy > Computer Configuration > Windows Settings > Security Settings> Local Policies> User Rights AssignmentDeny access to this computer from the networkRemove “Local Accounts & Administrators”
Local Computer Policy > Computer Configuration > Windows Settings > Security Settings> Local Policies> User Rights AssignmentDeny logon through Remote Desktop ServicesRemove “Local Accounts”

About the author