SOLVED

Newly created local users cannot login Windows Admin Center

%3CLINGO-SUB%20id%3D%22lingo-sub-1274413%22%20slang%3D%22en-US%22%3ENewly%20created%20local%20users%20cannot%20login%20Windows%20Admin%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1274413%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20set%20up%20a%20small%20lab%20environment%20to%20test%20Windows%20Admin%20Center%20with%20one%20physical%20Windows%20Server%202019%20on%20a%20Workgroup.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20installed%20WAC%20on%20a%20Windows%2010%20machine%20(on%20Azure%20AD%2C%20no%20AD%20joined)%20and%20I%20can%20connect%20just%20fine%20to%20the%20server%20with%20the%20default%20Administrator%20account.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20created%20a%20second%20account%20(TestAdmin)%20and%20put%20in%20the%20Administrators%20group.%20The%20newly%20created%20user%20can%20long%20in%20Remote%20Desktop%20without%20problems%20and%20it%20is%20a%20local%20admin%20of%20the%20remote%20server%2C%20but%20I%20cannot%20use%20this%20user%20account%20(TestAdmin)%20to%20manage%20the%20server%20with%20WAC%20or%20PowerShell%20and%20I%20keep%20getting%20an%20error%20%22Access%20is%20denied%22.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20for%20your%20suggestions.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1281159%22%20slang%3D%22en-US%22%3ERe%3A%20Newly%20created%20local%20users%20cannot%20login%20Windows%20Admin%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1281159%22%20slang%3D%22en-US%22%3E%3CP%3EI%20seem%20to%20have%20found%20the%20setting%3A%20the%20new%20user%20needs%20to%20be%20added%20to%20the%20Remote%20Management%20Users%20group.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20confused%2C%20however%3A%20aren't%20Administrators%20already%20in%20the%20Remote%20Management%20Users%20group%3F%20Why%20would%20an%20admin%20need%20to%20be%20added%20to%20a%20separate%20security%20group%20to%20admin%20a%20machine%20remotely%3F%20By%20the%20way%2C%20the%20default%20the%20built%20in%20Administrator%20account%20is%20not%20in%20the%20Remote%20Management%20Users%20group%2C%20but%20does%20have%20this%20limitation.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1281646%22%20slang%3D%22en-US%22%3ERe%3A%20Newly%20created%20local%20users%20cannot%20login%20Windows%20Admin%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1281646%22%20slang%3D%22en-US%22%3E%3CP%3EPlease%20read%20here%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F6748%22%20target%3D%22_blank%22%3E%40Giovanni%20Rossi%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows-server%2Fmanage%2Fwindows-admin-center%2Fsupport%2Ftroubleshooting%23using-windows-admin-center-in-a-workgroup%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows-server%2Fmanage%2Fwindows-admin-center%2Fsupport%2Ftroubleshooting%23using-windows-admin-center-in-a-workgroup%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThis%20is%20expected%2C%20cheers!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1281667%22%20slang%3D%22en-US%22%3ERe%3A%20Newly%20created%20local%20users%20cannot%20login%20Windows%20Admin%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1281667%22%20slang%3D%22en-US%22%3EThe%20link%20has%20the%20exact%20explanation%2C%20thanks!%3C%2FLINGO-BODY%3E
New Contributor

I have set up a small lab environment to test Windows Admin Center with one physical Windows Server 2019 on a Workgroup.

 

I installed WAC on a Windows 10 machine (on Azure AD, no AD joined) and I can connect just fine to the server with the default Administrator account.

 

I created a second account (TestAdmin) and put in the Administrators group. The newly created user can long in Remote Desktop without problems and it is a local admin of the remote server, but I cannot use this user account (TestAdmin) to manage the server with WAC or PowerShell and I keep getting an error "Access is denied".

 

Thanks for your suggestions.

3 Replies

I seem to have found the setting: the new user needs to be added to the Remote Management Users group.

 

I am confused, however: aren't Administrators already in the Remote Management Users group? Why would an admin need to be added to a separate security group to admin a machine remotely? By the way, the default the built in Administrator account is not in the Remote Management Users group, but does have this limitation.

Best Response confirmed by Giovanni Rossi (New Contributor)
The link has the exact explanation, thanks!