RDP settings on all Windows Servers got changed in local policy
Hi, we have a problem in our Server 2008 R2 Active Directory. A few weeks ago we recognized that administrative connections to several servers failed. I found out that on all (!) 2008 and 2008 R2 servers the local policy was configured with the following settings:
- Allow users to connect remotely using Terminal Services: ENABLED
- Require user authentication for remote connections by using Network Level Authentication: DISABLED
Unfortunately also the Firewall exception got lost causing inbound RDP connections getting blocked. We don't use local policies and I don't think that someone changed these settings on about 800 servers. Is it possible that some Windows Update accidentally changed the policy?
Thanks
Florian
May 25th, 2011 3:52am

Hello, NO update will change policies, updates belong to system files to correct errors or close some security problems. If the policy is changed then someone has done this with GPO or manually. So use "rsop.msc" or "gpresult /h GPResult.html" and review the settings.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
May 25th, 2011 5:08am

Hi Meinolf, 'gpresult /h GPResult.html': This is exactly the way I found out, that the *local* policy is configured. No domain policy is involved. As a workaround we would have to 'revert' these settings by GPO but as I said it is somehow strange that about 800 servers are misconfigured. Florian
May 25th, 2011 5:25am

Hi,

The local group policy settings should not be changed by Windows Update. Did you enable remote desktop via domain group policy previously? If not, how did you enable RDP on the servers?

As you said that "administrative connections to several servers failed", please help clarify it. The above two group policies do not block RDP connection. I noticed that you said "the Firewall exception got lost causing inbound RDP connections getting blocked", it seems like this is the cause for the RDP connection failure. Did you configure the firewall exceptions via group policy?

For further research, please help gather the following file on one server.

Gpresult /H gpreport.html

Please send the resulting gpresult.html to us. You can upload the file to the following link. (Please choose "Send Files to Microsoft")

Workspace URL: (https://sftus.one.microsoft.com/choosetransfer.aspx?key=129cdd16-d597-4744-ba39-091acb1bbf1e)
Password: 8^q[s$**vs*lO

Note: Due to differences in text formatting with various email clients, the workspace link above may appear to be broken. Please be sure to include all text between '(' and ')' when typing or copying the workspace link into your browser. Meanwhile, please note that files uploaded for more than 72 hours will be deleted automatically. Please ensure to notify me timely after you have uploaded the files. Thank you for your understanding.

If you would like to monitor who changes the local group policy, you can enable auditing on the relative subfolders under C:\WINDOWS\System32\GroupPolicy, in this case, please enable auditing on C:\Windows\System32\GroupPolicy\Machine\Registry.pol. I assume Windows is installed on C: drive.

Thanks.
Nina

Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
May 26th, 2011 2:23am
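Added example, not part of the thread or of any poster's reply: a small parser for the Registry.pol file named above that reports whether the two RDP settings from the first post are set in local policy, useful for sweeping copies collected from many servers. The value names `fDenyTSConnections` and `UserAuthentication` and the policy key are assumptions about where those two settings are stored; the sample bytes are constructed.

```python
import struct

# Assumption: the two settings named in the thread are stored as these DWORD
# values under the Terminal Services policy key.
TS_KEY = r"SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services"
WATCHED = {"fDenyTSConnections", "UserAuthentication"}
REG_DWORD = 4
HEADER = b"PReg" + struct.pack("<I", 1)  # signature + format version 1

def _read_wstr(blob, pos):
    """Read a NUL-terminated UTF-16LE string, then skip the ';' after it."""
    end = pos
    while blob[end:end + 2] != b"\x00\x00":
        if end >= len(blob):
            raise ValueError("truncated string in Registry.pol")
        end += 2
    return blob[pos:end].decode("utf-16-le"), end + 4

def parse_registry_pol(blob):
    """Yield (key, value_name, reg_type, data) for each [key;value;type;size;data] entry."""
    if blob[:8] != HEADER:
        raise ValueError("not a version 1 Registry.pol file")
    pos = 8
    while pos < len(blob):
        if blob[pos:pos + 2] != b"[\x00":
            raise ValueError(f"expected '[' at offset {pos}")
        key, pos = _read_wstr(blob, pos + 2)
        value, pos = _read_wstr(blob, pos)
        reg_type, size = struct.unpack_from("<I2xI", blob, pos)  # type ; size
        data = blob[pos + 12:pos + 12 + size]
        pos += 12 + size + 2  # past ';', the data and the closing ']'
        yield key, value, reg_type, data

def rdp_policy(blob):
    """Return {value_name: dword} for the RDP policy values present in the file."""
    found = {}
    for key, value, reg_type, data in parse_registry_pol(blob):
        if key.lower() == TS_KEY.lower() and value in WATCHED \
                and reg_type == REG_DWORD and len(data) == 4:
            found[value] = struct.unpack("<I", data)[0]
    return found

def _entry(key, value, dword):
    """Build one REG_DWORD entry (used only for the constructed sample)."""
    w = lambda s: s.encode("utf-16-le")
    return (w("[" + key + "\0;" + value + "\0;") + struct.pack("<I", REG_DWORD) + w(";")
            + struct.pack("<I", 4) + w(";") + struct.pack("<I", dword) + w("]"))

# Constructed sample: a local Registry.pol carrying the two settings from the thread.
SAMPLE = HEADER + _entry(TS_KEY, "fDenyTSConnections", 0) + _entry(TS_KEY, "UserAuthentication", 0)

if __name__ == "__main__":
    print(rdp_policy(SAMPLE))
```

On a server, read C:\Windows\System32\GroupPolicy\Machine\Registry.pol in binary mode and pass the bytes to `rdp_policy`; an empty result means neither value is set in local policy.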

This topic is archived. No further replies will be accepted.
