Tag: Windows 10

Intune Autopilot: Troubleshoot RDP access prompt

So I am testing Autopilot in my lab environment, consist a Hyper-V with its Virtual Machines. Well I am doing a manual registration, so how do I export the device information that is required my VM to be register for Autopilot?

I already have a VM running Windows 10 Pro, and I ran this script to export and automatic import the device information to be register into autopilot. However, I wasn’t running the script before Out-of-the-box-experience (OOBE) happen, so to make Autopilot work on my VM, I had to reset my VM.

Once the VM has reset,  it ask for region, language of my keyboard and next it shows a welcome page with the Display name and the company name. So I key in the email address and password of the user and also setup the PIN. However, I just notice that I set this user with the Standard permission only. Thus, the administrator account is disabled and I keep getting the RDP permission error prompt due to the user account is not in the RDP group in the VM.

Example of the prompt;

To sign in remotely, you need the right to sign in through Remote Desktop Services. By default, members of the Remote Desktop Users group have this right. If the group you’re in doesn’t have this right, or if the right has been removed from the Remote Desktop Users group, you need to be granted the right manually.

050317_1039_Tosigninrem1

How I troubleshoot this;

  1. Is to run MMC as administrator > File > Add/Remove Snap-in
    • Capture
  2. Key in your Office 365 admin account (an account with permission that can manage device)
  3. Select Local Users and Groups > Add
    • Capture
  4. Select Local computer > Finish > Ok
  5. Expand the local users and groups > Users > Right click Administrator  > Uncheck Account is disabled
    • Capture
    • Capture
  6. Reset the local Administrator password too
  7. Select Groups > Right click on the remote desktop users > Add > Authenticated users > Ok
    • Capture
  8. Close MMC
  9. Sign out and Sign in again

 

These steps should help you from getting the prompt again.

Please take note that I am doing this in Lab environment. In production, by right not to enabled administrator account and not to do any changes to the local users and groups. 

Windows 10: How to setup Windows Hello?

This blog is based on my experience on how to setup windows hello. I really like to capture every single steps or actions are performed, because it is much easier for me (beginner) and end users to understand.

*Note

Please go through this blog first “https://sabrinaksy.wordpress.com/2017/08/27/ad-gpo-how-to-enable-windows-hello/

Precaution;

Before implementing, please do go through and understand the steps given below. Each steps are given clear elaboration on how to perform it. Skipping a step will causes you confusion.

Here are the steps by steps;

For administrator;

At end user’s computer

  1. Run Command prompt as Administrator at end user’s computer
  2. Type in the following commands;
Gpupdate /force
  1. Close Command prompt, once all policies has updated

OR, At the AD server

  • Open Group Policy Management
  • At the OU where the windows hello GPO is created for
  • Right click on the OU and click on the force gpupdate on all active computers

For end users;

After successfully updated the group policy on the end user side.

  1. Go to > Start
    hello1
  2. Click on the > Setting
    • Then it will direct you to the setting interface;
    • hello2
  1. Click on > Accounts
  2. At the left-side bar
    • Select > Sign-in Options
    • hello3
  3. Scroll down and find PIN
    • Select > Add
    • hello4
  4. After that it will prompt you to enter your computer login password
    • hello5
  5. After successfully authenticate your credential, then enter convenience PIN number
    • hello6.png
  6. After enter the PIN number, your PIN status will change into something like below image;
    • hello7.png
  7. Scroll back up and find ‘Face Recognition’
    • Select > Set up
    • hello8
  8. A ‘Welcome’ interface will appear;
    • Select > Get started
    • hello9
  9. Enter the PIN, that you had set for yourself earlier;
    • hello10.png
  10. After successfully authenticate your PIN number, a face recognition interface will appear;
    • Place your face in-front of the camera where it can detect your face
    • hello11.png
  11. After that a successful interface will appear;
    • Select > Close
    • hello12.png
  1. To give it a try out;
    • Sign out from your computer account and you will see a different interface like the image below;
    • hello13.png