Remote Desktop login as administrator

It is recommended to be connected to the console [Session ID=0] of the server during the Storage Foundation for Windows [SFW] installation or during SFW Rollup Patch / Maintenance Pack / Service Pack installations.

With Microsoft Remote Desktop, connect to the console by using the correct "/admin" or "/console" switches [mstsc.exe /admin or mstsc.exe /console] depending on the Remote Desktop Client [RDC] version being used.

The Remote Desktop Client [RDC] 6.1 no longer uses the "/console" switch to connect to the session 0. The "/admin" switch [mstsc.exe /admin] should be used instead.

RDC 6.1 is included with the following operating systems:•Windows Server 2008•Windows Vista Service Pack 1 [SP1] and later

•Windows XP Service Pack 3 [SP3] and later

You can type “mstsc /?” to see if the /admin option has to be used for the console [see image1 as below]:

Image1: Remote Desktop Connection Usage

To ensure you are on the console [Session ID=0] of the server, please run the command "query session" from a Command Prompt. The ID=0 as showed in the image below [image2.png] confirms that you are on the console [Session ID=0].

Image2: "query session" command output

Please note that in Windows Server 2003, you can start the RDC client [Mstsc.exe] by using the /console or /admin switch to remotely connect to the physical console session on the server [also known as session ID=0]. However, in Windows Server 2008 or Windows Server 2008 R2, the /console switch has been deprecated. In Windows Server 2008 and Windows Server 2008 R2, session 0 is a non-interactive session that is reserved for services.

For more information, please visit the following Microsoft article:  Changes to remote administration in Windows Server 2008.

Modern businesses rely on computers for everything from communicating with customers and suppliers to managing finances and inventory. Thanks to Internet and networking technologies, companies can transact business, attract new customers and share information within the office easier than ever before. However, these technologies can cause complex problems when not maintained properly. If your business is like most, you probably have key employees to whom you turn to fix computer problems. Providing these employees with remote administrator access to computers on your business network can enable them to correct many problems even when they're on the road or working at home.

Add an Administrator

1. Log in to Windows with an administrator account. Click "Start," "Control Panel" and then click "User Accounts."

2. Click "Manage Another Account" and select "Create New Account." Enter a name for the new administrator account in the "New Account Name" field. Select the "Administrator" option and click "Create Account."

3. Click the name of the new administrator account in the "Choose the Account You Would Like to Change" window. After the Make Changes window opens, click "Create a Password." Enter a temporary password for the new administrator and confirm it in the subsequent fields. Click the "Create Password" button to save the new password. After the new administrator logs on to the machine, he can change the password by clicking the "Change Password" link in the Make Changes window for his user account.

Grant Remote Desktop Access to an Administrator

1. Click "Start | Control Panel | Administrative Tools | Computer Management." The Computer Management console window opens.

2. Select "Local Users and Groups" in the Computer Management navigation pane, then double-click "Users" in the center pane of the window.

3. Right-click the name of the Administrator to whom you want to grant Remote Desktop access, then click "Properties" on the pop-up menu.

4. Click the "Member Of" tab in the Properties window, then click the "Add" button. In the text box labeled "Enter the object names to select," type "Remote Desktop Users." Click the "Check Names" button. Windows underlines the network name of the computer along with "Remote Desktop Users."

5. Click "OK" to close the Select Groups window and display the updated "Member Of" list for the administrator. The administrator is now part of the Remote Desktop Users group and can log in to the machine remotely.

6. Click the "OK" button to close the Properties window, then close the Computer Management console window.

7. Add administrator accounts with remote desktop access to other computers on the network as needed.

ShadgaAF asked • Dec 2, '21 | piaudonn edited • Dec 2, '21

Hello,

on fresh domain [on premise], with working windows terminal server for RDP access, i got the problem users who wants to connect to the server needs to run RDP as Admin.

I tried many things like GPO "Allow User to login as Terminal service" or adding the user to the local RDP User group on the terminal server, but none are working.

I get the error message "Access denied" "Try to run RDP with higher/admin rights".

If the user gets added as local admin and runs rdp with admin, it works fine and even after removing as the local admin, he can still connect to the terminal server afterwards [Question is for how long?].

First i thought the user profiles needs to be created on the terminal but just yesterday i had user who proved me the opposite he wanted to go on the terminal server from the meeting-computer and got the same error but he was already using the terminal server way before that happens.

Comment

Hi,

Using Server 2008 R2. 

In the past I remember that if I was logged in under some account, and attempted to use the same credentials from a different machine to log into the same server [using mstsc /admin], it would kick the current connection and connect me to that session instead.

However, now this does not seem to be the case. When I preform the steps above I get the "This computer can't connect to the remote computer" message. 

How do I take over an existing session by force?

Thanks,

DB

• That should work just fine. RDP is enabled on the server? You can locally log into the admin account on the server with no issues? When connecting with RDP try .\administrator for the username.

• Remote is enabled. I can log in directly to the server with the admin account. It should be fine

  Also tried "WINSERVER\administrator" & ".\administrator" but no luck

• What's the error you get back when trying to connect?

• RDP is tricky off a domain. While you may have enabled RDP, you might want to check the firewall, it may have only enabled it for Private networks and it may see the network as Public and you may need to enable RDP for Public networks.

  Spice [3] flagReport
  Was this post helpful? thumb_up thumb_down

• "This user could not logon....."

  Tried a few more things and gave up, used another physical 2012 R2 server and that worked fine. Do not have time to investigate any further.

  Thanks Scott for getting back to me :]

• And also thanks Michael, only saw your reply after I sent mine 

• Make sure that the builtin\admin account still has the logon through remote desktop user right assigned and that RDP is enabled. Sounds like this has been removed or denied.

  past that .\administrtor should work fine.

• Do you use iSCSI on the server?
  

• No iSCSI, it is a simple test environment with basic equipment.