Server not seeing built-in domain groups

[Yamahahahahaha]

Good morning all!

I'm setting up a new terminal services (Remote Desktop Services, blah) server for a client on a bit of a tight schedule.

Unfortunately, the server isn't seeing the built-in domain Remote Desktop Users group. So none of the nicely managed users I've set up are being seen.

When added to the local policy Remote Desktop Users group, it works perfectly.

Any suggestions as to how to fix this?

 

[Yamahahahahaha]

Quick update:

It works when the user is individually added to the TS permissions.
The local RDP users group is in the permissions, but the built-in domain RDP users group can't be added to permissions??? Bizarre!

I'm making a new group and chucking all the users who need access into there. Should work

 

[Yamahahahahaha]

Yep it all works.

Lesson of the day:
If you see the error: "To log on this remote computer, you must be granted the Allow log on through Terminal Services right. By default, members of the Remote Desktop Users group have this right. If you are not a member of the Remote Desktop Users group or another group that has this right, or if the Remote Desktop User Group does not have this right, you must be granted this right manually."

Terminal Services permissions will not see the Domain-local Remote Desktop Users group, nor global-distribution groups in AD.
Make a global-security group in Active Directory with the desired users as Members.
Add this group to the RDP-TCP permissions in Terminal Services Configuration and it'll work.

Case closed.

 

[Mikoyan]

A good poster always posts how he fixes a problem even if he fixed it himself much love lol

 

[Yamahahahahaha]

Figured someone on Google will find this eventually. I had a look and nobody else had raised it as a solution

 

[s0ck]

A good poster always posts how he fixes a problem even if he fixed it himself much love lol

Aye, fairplay