SCM Windows Server 2016 – Member Server Baseline

I was recently hardening some VM templates for a customer. When applying the “SCM Windows Server 2016 – Member Server Baseline – Computer” with LGPO.exe it blocked RDP access to the machine. Here’s the Local Security Policies that need to be changed to restore RDP access:

Location Setting Change
Local Computer Policy > Computer Configuration > Windows Settings > Security Settings> Local Policies> User Rights Assignment Deny access to this computer from the network Remove “Local Accounts & Administrators”
Local Computer Policy > Computer Configuration > Windows Settings > Security Settings> Local Policies> User Rights Assignment Deny logon through Remote Desktop Services Remove “Local Accounts”

Post to Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *