Another day in my demo environment… I got this error when trying to open some tabs in the user properties of Active Directory
Could not load Remote Desktop Services properties for this user because: Access is Denied
The error popped up at the following tabs:
- Remote Desktop Services Profile
- Remote Control
The account is was using was a standard domain user account. As far as I know, by default, all users have read permissions to (nearly) all property fields of an AD user. But still in this case it looked like there was some issue with Security Rights.
I checked some other accounts, but the results were very unpredictable. Some gave errors, others went fine.
In addition, I also found the fields Created and Modified to have no values:
The issues as described above did not occur when checking with a domain admin account. Which proved read access or any kind of security to be the problem in this case.
The cause of this Access Denied problem could then be pinpointed to a single checkbox in the Security tab of a Users Properties window:
Read: Allow for Authenticated Users in User Properties: Security was not checked
As soon as I checked this box, the problem was gone. Credits for me! :)
Upcoming question: why do security settings differ from account to account. And what should be the right setting? That’s a question for another blog post, I guess :)