Remote Desktop Connection – Login is not possible due to account restrictions
And so we decided to provide remote access to a PC running the Windows XP operating system through a standard Windows program called “Remote Desktop Connection”. To do this, go along the following Start path – my computer – properties – remote sessions – remote desktop control – check the box “allow remote access to this computer.” Everything, in fact, remote access to this PC is open, but there are still a bunch of “pitfalls”. Well, firstly, remote access to this PC is open only to user accounts that are in the local administrators group.
Login is not possible due to account restrictions
When you connect to a remote computer through the program “Connect to Remote Desktop”, if all the addresses are spelled correctly, you get into the user authorization window. Enter the name of the local user account, which is in the group of administrators of the PC and the message “login to the system is impossible due to account restrictions.” This is due to the fact that for security reasons, you cannot remotely connect to a PC under a user account that is a member of the administrators group and has an empty password. Simply put, you cannot use a user who is the administrator of this PC as a user when connecting remotely through the Remote Desktop Connection program if he has an empty password, Microsoft believes that this is not safe since he has too many rights. Those. he must set a password.
There are two types of local PC users. The first is the system user – PC Administrator, his name is usually that. It is created once during the installation of the operating system. It is needed to work in safe mode when user accounts are unavailable. When loading the OS in normal mode, it is not available and you can’t use it with a remote connection because In this case, the OS is operating normally. Those. through it, remote access is generally not possible even with a password, even without it. This first type of system local user also includes the Guest, which is usually disabled by default. All other users are considered user and are divided into local user groups. So, as I already said, by default, remote access to a PC is allowed only to user accounts that are members of the local “administrators” group, provided that they have a password, as well as to the Guest, if only they are turned on. In general, guests are always allowed remote access by default, but the rights will be naturally guest, i.e. minimal.
If you want to allow remote access to the PC to local user accounts that are not members of the local “administrators” group, then you need to register them in the list of allowed users. This list is not far from the actual permission for remote access to a PC. Those. in the properties “my computer”. Here is the full path to it. Start – my computer – properties – remote sessions – remote desktop control – select remote users. Here you can add local users for remote access to PCs that are not members of the local “administrators” group. Moreover, their rights with remote access will correspond to the groups in which these users are members.
All these remote access rules are registered in the local policies of the Windows XP operating system and they can be changed to suit your needs. Those. You can cancel the required password for user accounts that are members of the local Administrators group when connecting to the desktop remotely.
So here is the result: if you get a message “logging in is impossible due to account restrictions” when connecting to the remote desktop, then you are either trying to connect as a system user — an administrator who does not work in normal OS mode at all and was created for safe mode, or your user account does not have a password, which is necessary in this situation.