Enable Aero for RDP “One or more of the themes has been disabled by Remote Desktop Connection settings”

KB ID 0000647 

Problem

If you have enabled Aero on your remote machine and connect to it via RDP, you will see this error when you try to change the theme to Aero.

One or more of the themes has been disabled by Remote Desktop Connection settings

Solution

1. Close your RDP session, and launch the RDP client software again > Options > Experience > Place a tick in “Menu and window animation”.

2. Reconnect to your machine.

Related Articles, References, Credits, or External Links

NA

Windows – Remote Desktop Error ‘An authentication error has occurred. The Local Security Authority cannot be contacted’

KB ID 0000826

Problem

Update May 2018: The following article is probably what you are looking for;

Windows RDP: ‘An authentication error has occurred’


I saw this while attempting to create a remote desktop connection to a Windows 2012 Server. (Though connecting to Windows 8 will be the same).

I’d only just set this server up, and knew I’d enabled RDP, and I was attempting to connect as the domain administrator, so at first I was a little perplexed.

Solution

If you have direct/local access to the machine you are trying to connect to.

1. Press Windows Key+R > In the run box type sysdm.cpl {enter} > Remote.

2. Remove the tick from “Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)”.

3. Try again.

If you do not have direct/local access to the machine you are trying to connect to.

1. On YOUR Machine > Windows Key+R > type regedit {Enter} > File > Connect Network Registry > Type in the details for the machine you are trying to connect to > OK.

2. Navigate to;

[box]
{remote-machine-name} > HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control > Terminal Server > WinStations > RDP-Tcp[/box]

Locate the UserAuthentication value and change it to 1 (one) > OK > Exit the registry editor.

3. Try again.

Disable RDP Network Level Authentication via Group Policy

If the destination server is in a remote data centre or remote location, and you cannot access the System Properties, you can turn this option off with group policy, and wait a couple of hours.

1. On a DC > Start > Group Policy Management > Either create a new group policy object and link it to the OU containing the problem machine, or edit an existing one. (Here on my test network I’m going to edit the default domain policy – WARNING this will disable this feature on all machines in a production environment!)

2. Navigate to;

[box]Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security[/box]

3. Locate the ‘Require user authentication for remote connections by using Network Level Authentication’ policy.

4. Set the policy to Disabled > Apply > OK > Close the Group Policy Management Editor.

5. How long before the Group Policy will affect the target machine? Group policies are processed when a machine starts up. After that they are processed again (only if they have changed) at an interval that varies, so that all clients do not update at the same time. The interval is 90 minutes, with a random offset of 30 minutes, so the maximum time it can possibly take is 2 hours (120 minutes). Note: this is the default setting; it can be manually changed up to 64,800 minutes (45 days), though why would you do such a thing?
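To see which machines the policy change has actually reached, the following added example (not from the original article) asks each host's Terminal Services WMI provider whether NLA is still required. The function name and the default host list are assumptions; run it from an elevated prompt.

```powershell
# Added example: report the NLA state of the RDP-Tcp listener per host.
# Get-RdpNlaState is a hypothetical helper name, not a built-in cmdlet.
function Get-RdpNlaState {
    [CmdletBinding()]
    param(
        # Hosts to check; defaults to the local machine only.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )
    foreach ($computer in $ComputerName) {
        try {
            $query = @{
                Namespace   = 'root\cimv2\TerminalServices'
                ClassName   = 'Win32_TSGeneralSetting'
                Filter      = "TerminalName='RDP-Tcp'"
                ErrorAction = 'Stop'
            }
            # Only go over the network for hosts other than this one.
            if ($computer -ne $env:COMPUTERNAME) { $query.ComputerName = $computer }
            $setting = Get-CimInstance @query
            [pscustomobject]@{
                ComputerName = $computer
                NlaRequired  = [bool]$setting.UserAuthenticationRequired
                Error        = $null
            }
        }
        catch {
            # Unreachable or access denied: record it rather than guess a state.
            [pscustomobject]@{
                ComputerName = $computer
                NlaRequired  = $null
                Error        = $_.Exception.Message
            }
        }
    }
}

# List every host that now accepts RDP connections without NLA.
Get-RdpNlaState | Where-Object { $_.NlaRequired -eq $false }
```

Pass the machines in the affected OU with `-ComputerName` to find any that had NLA switched off unintentionally by a policy linked too broadly.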

Windows – Forcing Domain Group Policy

Related Articles, References, Credits, or External Links

NA

Enable RDP via Group Policy

KB ID 0000043

Problem

Rather than enabling on an ad-hoc basis, you want to turn on RDP for multiple machines via Group Policy.

Solution

Group Policy Location

To simply enable RDP, change the following policy;

[box]

Computer Configuration > Admin Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections

[/box]

Locate and change the “Allow users to connect remotely using Remote Desktop Service” policy.

Allow RDP on the Windows Firewall with Group Policy

Navigate to the following policy;

[box]

Computer Configuration > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security > Inbound Rules

[/box]

Right click > New rule > Change Predefined to “Remote Desktop” > Next > Next.

Allow the connection > Finish.

Allow users to connect via RDP through Group Policy

Any member of the machine’s ‘Remote Desktop Users’ group can log on via RDP. If you have a lot of machines you can create a global security group in Active Directory (mine is called SG-Remote-Desktop-Users). I’ve added it globally to all the computers’ local ‘Remote Desktop Users’ groups using ‘Restricted Groups’.

Navigate to the following policy;

[box]

Computer Configuration > Windows Settings > Security Settings > Restricted Groups

[/box]

Right click > Add Group > Browse > Add your group > In the LOWER (This group is a member of) section click Add > Type in Remote Desktop Users > OK > OK.
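Once the three settings above have applied, the result can be checked on a target machine. This is an added example, not from the original article: the function name is hypothetical, the firewall group name assumes an English-language OS, and the registry path is the one this policy writes to.

```powershell
# Added example: verify what the RDP GPO settings produced on this machine.
# Run elevated, after the policy has refreshed.
function Test-RdpGpoResult {
    [CmdletBinding()]
    param(
        # Security group name used in the article; change to your own.
        [string]$ExpectedGroup = 'SG-Remote-Desktop-Users'
    )

    # 1. RDP enabled by policy: fDenyTSConnections = 0 under the Policies key.
    $polKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $deny = (Get-ItemProperty -Path $polKey -Name fDenyTSConnections `
                -ErrorAction SilentlyContinue).fDenyTSConnections

    # 2. Effective inbound allow rules from the predefined "Remote Desktop" group.
    $rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' `
                    -PolicyStore ActiveStore -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and
                       $_.Direction -eq 'Inbound' -and
                       $_.Action -eq 'Allow' })

    # 3. Members of BUILTIN\Remote Desktop Users (well-known SID S-1-5-32-555).
    $members = @(Get-LocalGroupMember -SID 'S-1-5-32-555' -ErrorAction SilentlyContinue)
    $unexpected = @($members | Where-Object { $_.Name -notlike "*\$ExpectedGroup" })

    [pscustomobject]@{
        RdpEnabledByPolicy   = ($deny -eq 0)
        FirewallAllowRules   = $rules.Count
        FirewallRulesFromGpo = @($rules | Where-Object {
                                   $_.PolicyStoreSourceType -eq 'GroupPolicy' }).Count
        ExpectedGroupPresent = ($members.Count -gt $unexpected.Count)
        # Anything listed here can log on via RDP besides the intended group.
        UnexpectedMembers    = $unexpected.Name
    }
}

Test-RdpGpoResult | Format-List
```

Because Restricted Groups was configured through “This group is a member of”, existing local members are left in place, so `UnexpectedMembers` is the field to review for accounts that should not have RDP logon.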

2008 RDP Policy Location

Computer Configuration > Policies > Administrative Templates > Windows Components > Terminal Services > Terminal Server > Connections.

“Allow users to connect remotely using Terminal services”

To enable Remote Desktop, click Enabled.

To disable Remote Desktop, click Disabled.

2000/ 2003 RDP Policy Location

Computer Configuration > Administrative Templates > Windows Components > Terminal Services.

“Allows users to connect remotely using Terminal services”

To enable Remote Desktop, click Enabled.

To disable Remote Desktop, click Disabled.


Related Articles, References, Credits, or External Links

Original article written 17/07/09