Using Remote Desktop, connect to a Windows 7 domain user account without first logging on locally?

  • Robert S Ciaccio

    I have a Dell laptop (henceforth we'll call this the server) running Windows 7 Enterprise. The server is part of my company's domain. My primary user account is a domain account.

    When I am at home and not connected to the domain, I prefer to connect to the server using Remote Desktop Connection from my MacBook Pro (we'll call this the client). The problem is that if I do not physically log in to the server, I am unable to connect to it using RDC from the client.

    I have a local administrator account on the server, and connecting to it via RDC works just fine.

    I had a feeling that the Mac RDC application was not giving me the full story, so I attempted the same procedure from a Windows 7 client. When trying to log in, I get this message:

    An authentication error has occurred. The local security authority cannot be contacted.

    So basically, if I log on to the server physically with my domain user and lock the computer, I can then successfully log on from the client. Otherwise, I am unable to connect.

  • Answers
  • Tom

    There are two things you should check:

    1. Your domain user has to be in the local group Remote Desktop Users or Administrators (on the server).
    2. Check the security policies on the server with Local Security Policy (secpol.msc). Make sure your user is not in Deny log on through Remote Desktop Services. You find this in Local Policies\User Rights Assignment.

    Usually you don't have to check the policy Allow log on through Remote Desktop Services because the Remote Desktop Users are already added to this one. Those policies could be managed through your domain which would not allow you to make any changes.
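
The two checks from the answer above, as an added PowerShell example (not part of the original answer). It assumes an elevated prompt on the Windows 7 machine being connected to; the account name `CONTOSO\jdoe` is a placeholder.

```powershell
# Added example: audit the local group membership and the RDP logon rights.
# Run elevated (secedit needs administrator rights).
$Account = 'CONTOSO\jdoe'   # placeholder: the domain account being checked

# 1. Direct membership in the local groups that grant RDP access.
#    Membership through a nested domain group is not resolved here.
foreach ($group in 'Remote Desktop Users', 'Administrators') {
    $members  = net localgroup $group 2>$null
    $isMember = [bool]($members | Where-Object { $_.Trim() -ieq $Account })
    "{0,-22} lists {1} directly: {2}" -f $group, $Account, $isMember
}

# 2. Effective user rights (local policy merged with any domain GPO).
$cfg = Join-Path $env:TEMP 'user_rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null

$rights = @{
    'SeRemoteInteractiveLogonRight'     = 'Allow log on through Remote Desktop Services'
    'SeDenyRemoteInteractiveLogonRight' = 'Deny log on through Remote Desktop Services'
}
foreach ($name in $rights.Keys) {
    $line = Get-Content $cfg | Where-Object { $_ -match "^$name\s*=" }
    if (-not $line) { "{0}: (no entries)" -f $rights[$name]; continue }

    $entries = ($line -split '=', 2)[1].Split(',') |
        ForEach-Object { $_.Trim().TrimStart('*') }
    foreach ($entry in $entries) {
        # secedit writes most principals as SIDs; translate them where possible.
        # Domain SIDs stay untranslated when no domain controller is reachable.
        if ($entry -match '^S-1-') {
            try {
                $sid   = New-Object System.Security.Principal.SecurityIdentifier($entry)
                $entry = $sid.Translate([System.Security.Principal.NTAccount]).Value
            } catch { }
        }
        "{0}: {1}" -f $rights[$name], $entry
    }
}
Remove-Item $cfg
```

Any line under the Deny right that names the account, or a group it belongs to, overrides the Allow right and the group membership.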

  • scott marcell

    Does the domain user have a "Log On To..." restriction set within the account tab for the user setup? I've received a similar error when using such an account.

    Also I've had a case where a content filter appliance would not allow inbound requests (from a remote user with VPN) to Windows 7 computer but would allow outbound connections from host computer to remote laptop. Once the outbound connection was established then the inbound request could be resent and the connection would function as expected.

  • Iszi

    From my experience, you cannot log onto a system remotely with a domain account using cached credentials.

    The server (not necessarily the client) needs to be able to authenticate remote users with a Domain Controller in order to allow them access. Locally logged-in users are exempt from this requirement. Why there is a difference, or if there is a way around this, I do not know.

    I've run into this before, when I take a laptop (running Server 2003 or 2008) out to a remote site where I am behind a firewall that does not allow my system to reach any Domain Controllers. Other systems on the network are configured to be able to communicate with DCs, but not mine. Under these conditions, using cached credentials, I can log in locally to my laptop with my domain account just fine. I can also log in remotely, with my domain account, to any system on the network that's able to communicate with the DCs.

    However, coming from one of those networked systems, I cannot log in remotely to my laptop with my domain account while it cannot communicate with the DCs. At this point, my domain account is in the local Administrators group and I usually have a locally logged-in session already running.

  • Tommy Williams

    I haven't found a way around this if I'm not already logged into the machine, but I usually just put my machine to sleep when I go from work to home and I avoid the problem--waking out of sleep lets me connect via remote desktop.

    I do not have this problem with actual Windows server operating systems but it is a problem with client versions of the OS.

  • Diogo

    The domain user account on your Dell laptop must be configured to not require that CTRL+ALT+DEL is used to reach the login screen.

  • Related Question

    windows 7 - Connect as specific user at Remote Desktop Connection
  • justSteve

    This is a home network with all Win7 clients and HomeGroup setup. I can RDC to my laptop as that workstation's primary, original Admin account. I've added a 2nd (also admin) account and would like that account to be used by RDC connections but every new connection is as that original account.

    If I leave the secondary account logged in, then go to my other workstation to initiate the RDC, I'm informed 'another user is logged in, if you continue that user will be disconnected.'

    I know of a number of alternatives for remote access - I'm trying to get the native windows version to work.


    EDIT: My original wording has led the two current answers to think I'm talking about 2 remote connections at the same time. My reference to 'leaving the secondary account logged in' is not talking about a remote connection but a regular Windows login.

    I'm not trying to do anything more than choose which user that RDC connects as. Perhaps the problem is that I'm initiating that login with a right click and 'Connect with Remote Desktop Connection'. I'll try editing a .RDP dedicated to that workstation.

    more soon.

  • Related Answers
  • BBlake

    Short version is you can't have more than one user logged in remotely in native Windows 7. You have to either use a third party application such as GoToMyPC or LogMeIn or the other user must be logged out. If you were using a version of Windows Server you can have 2 people logged in (or purchase additional licenses to have more), but for the base Windows lineup (XP/Vista/7), it's limited to one person at a time with the functionality that Windows includes. And even in that case, if someone were to log in locally to that machine, any remote users would be logged out.

  • Flummoxed

    There are some alternatives:

    If you set up a VNC server you can take control of the active session from remote but be warned: it won't be as smooth as a VNC connection. e.g. I use UltraVNC.

    I think you might also be able to use the built-in remote support feature of Windows.

    How much of a hacker are you? It's possible in XP and Vista and presumably also W7 to circumvent the one login limit.

  • justSteve

    My problem was trying to achieve this via the right-click from the 'Network' node. Working against the full RDC connection object provides all options I'd expect.