So I am testing Autopilot in my lab environment, which consists of a Hyper-V host with its virtual machines. I am doing a manual registration, so how do I export the device information that is required for my VM to be registered for Autopilot?
I already have a VM running Windows 10 Pro, and I ran this script to export and automatically import the device information to be registered into Autopilot. However, I didn't run the script before the out-of-the-box experience (OOBE) happened, so to make Autopilot work on my VM, I had to reset my VM.
Once the VM has reset, it asks for the region and the keyboard language, and next it shows a welcome page with the display name and the company name. So I keyed in the email address and password of the user and also set up the PIN. However, I just noticed that I set this user with the Standard permission only. Thus, the administrator account is disabled and I keep getting the RDP permission error prompt because the user account is not in the Remote Desktop Users group in the VM.
Example of the prompt:
To sign in remotely, you need the right to sign in through Remote Desktop Services. By default, members of the Remote Desktop Users group have this right. If the group you’re in doesn’t have this right, or if the right has been removed from the Remote Desktop Users group, you need to be granted the right manually.
How I troubleshot this:
- Run MMC as administrator > File > Add/Remove Snap-in
- Key in your Office 365 admin account (an account with permission to manage devices)
- Select Local Users and Groups > Add
- Select Local computer > Finish > Ok
- Expand Local Users and Groups > Users > Right click Administrator > Uncheck Account is disabled
- Reset the local Administrator password too
- Select Groups > Right click on Remote Desktop Users > Add > Authenticated Users > Ok
- Close MMC
- Sign out and sign in again
These steps should stop you from getting the prompt again.
Please take note that I am doing this in a lab environment. In production, you should not enable the Administrator account or make any changes to the local users and groups.
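To go with the production caveat above, here is an added PowerShell example (not part of the original post) that reports whether the built-in Administrator is enabled and whether broad principals such as Authenticated Users sit in Remote Desktop Users, and that can revert both. The function and variable names are hypothetical; the SIDs are Windows well-known SIDs.

```powershell
#Requires -RunAsAdministrator
# Added example: audit, and optionally revert, the lab changes described above.
# Function and variable names are hypothetical; the SIDs are Windows well-known SIDs.

$RdpUsersSid = 'S-1-5-32-555'                  # BUILTIN\Remote Desktop Users
$BroadSids   = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

function Get-RdpLabExposure {
    # The built-in Administrator is always RID 500, whatever it has been renamed to.
    $admin = Get-LocalUser | Where-Object { $_.SID.Value -match '^S-1-5-21-.+-500$' }
    $group = Get-LocalGroup -SID $RdpUsersSid  # resolves localized group names

    # Read members through ADSI: Get-LocalGroupMember can fail on Azure AD joined
    # devices when a group holds SIDs it cannot resolve.
    $adsi = [ADSI]"WinNT://$env:COMPUTERNAME/$($group.Name),group"
    $memberSids = @($adsi.psbase.Invoke('Members') | ForEach-Object {
        $bytes = $_.GetType().InvokeMember('objectSid', 'GetProperty', $null, $_, $null)
        (New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)).Value
    })

    [pscustomobject]@{
        BuiltinAdminName    = $admin.Name
        BuiltinAdminEnabled = [bool]$admin.Enabled
        RdpGroupMembers     = $memberSids
        BroadRdpMembers     = @($memberSids | Where-Object { $BroadSids.ContainsKey($_) })
    }
}

function Undo-RdpLabChange {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $state = Get-RdpLabExposure
    foreach ($sid in $state.BroadRdpMembers) {
        if ($PSCmdlet.ShouldProcess($BroadSids[$sid], 'Remove from Remote Desktop Users')) {
            Remove-LocalGroupMember -SID $RdpUsersSid -Member $sid
        }
    }
    if ($state.BuiltinAdminEnabled -and
        $PSCmdlet.ShouldProcess($state.BuiltinAdminName, 'Disable built-in Administrator')) {
        Disable-LocalUser -Name $state.BuiltinAdminName
    }
}

Get-RdpLabExposure | Format-List
# Undo-RdpLabChange -WhatIf   # preview the revert; drop -WhatIf to apply it
```

The revert does not touch the Administrator password that was reset in the steps above; disabling the account is what takes it out of use.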
5 thoughts on “Intune Autopilot: Troubleshoot RDP access prompt”
Hi Sabrina! Thank you for sharing this as I’m experiencing the same scenario and this is the only article I found about it. Now, would this process need to be done with every new device set up with a standard user, or is this specific to VMs? Have you managed to find a way to solve for this so you don’t need to do this every time a machine is reset? Thanks again!
Hi Matias, this is how the roles/permission works.
Had the same issue, found out the cause is having “Enhanced Session Mode” enabled in the general Hyper-V settings. The reason it does this is because Enhanced Session Mode creates a second NIC on the device and connects via RDP, so when using the console you are technically connected to the VM over RDP.
Turn off Enhanced Session Mode and presto, it starts working.
Was just about to comment the same thing as I have read this guide before when troubleshooting the same issue with a Hyper-V VM enrolling into Intune and getting hit with that message. Found this article discussing the Enhanced Session Mode
Great post, just started having this issue, but my question would be: is this only for VMs, not for users that have a normal laptop that’s been enrolled into Autopilot?