Fix WVD Remote Desktop Logon Issue Deny Remote Desktop Services Logon HTMD Blog

Let’s learn how to Fix WVD Remote desktop logon issue with a security policy called “Deny Remote Desktop Services Logon.” We are able to fix this issue with the help of my colleague Mark Thomas.

Introduction

We are managing WVD VMs with Microsoft Intune. All the security policies are applied using Intune. I have a post that explains one of the examples “UserRights Policy Deployment Using Intune | Group Policy Replacement.”

An issue with WVD HostPool Login

The user was getting the following error when the user tries to logon to a Remote Desktop using assigned WVD host pool.

To sign in remotely, you need the right to sign in through Remote Desktop Services. By default, members of the Remote Desktop Users group have this right. If the group you're in doesn't have this right, or if the right has been removed from the Remote Desktop Desktop Users group, you need to be granted this right manually.

WVD Remote Desktop Logon Issue Deny Remote Desktop Services Logon — WVD Remote Desktop Logon Issue – Deny Remote Desktop Services Logon

Security Policies

Most of the organizations must have standard security policies by CIS. One of the security policy guidelines was to set a policy to Deny Remote Desktop Services Logon for Local Users and Guests.

More details about DenyRemoteDesktopServicesLogon policy is explained in the following Microsoft document – https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services

We use SIDs instead of Names in security policies to avoid complexities with different language pack installations of Windows. More details about well known SID here.

SID	Name
S-1-5-32-546	Guests
S-1-2-0	Local

Well Known SID Name Matching Table