I was recently hardening some VM templates for a customer. When applying the “SCM Windows Server 2016 – Member Server Baseline – Computer” with LGPO.exe it blocked RDP access to the machine. Here’s the Local Security Policies that need to be changed to restore RDP access:
Location | Setting | Change |
Local Computer Policy > Computer Configuration > Windows Settings > Security Settings> Local Policies> User Rights Assignment | Deny access to this computer from the network | Remove “Local Accounts & Administrators” |
Local Computer Policy > Computer Configuration > Windows Settings > Security Settings> Local Policies> User Rights Assignment | Deny logon through Remote Desktop Services | Remove “Local Accounts” |