SCM Windows Server 2016 – Member Server Baseline

2017-12-19T11:59:20+00:00 October 15th, 2017|Azure, Cloud, Windows|

I was recently hardening some VM templates for a customer. When applying the “SCM Windows Server 2016 – Member Server Baseline – Computer” with LGPO.exe it blocked RDP access to the machine. Here’s the Local Security Policies that need to be changed to restore RDP access:

Location Setting Change
Local Computer Policy > Computer Configuration > Windows Settings > Security Settings> Local Policies> User Rights Assignment Deny access to this computer from the network Remove “Local Accounts & Administrators”
Local Computer Policy > Computer Configuration > Windows Settings > Security Settings> Local Policies> User Rights Assignment Deny logon through Remote Desktop Services Remove “Local Accounts”