Intune Lab (Issue): Hyper-V Windows VM requires user to be a member of Remote Desktop Users

On By BorromsIn Hyper-V, Intune, Microsoft

Overview:
I was working on my Microsoft 365 Intune lab, where I created a number of Hyper-V based Windows 10 and 11 VMs so I could test Intune and Autopilot deployments. After my Windows 10/11 VMs were successfully enrolled in Intune I was brought to the Login screen. I then entered my username and password and got this message:

To sign in remotely, you need the right to sign in through Remote Desktop Services. By default, members of the Remote Desktop Users group have this right. If the group you’re in doesn’t have this right, or if the right has been removed from the Remote Desktop Users Group, you need to be granted this manually.

I was not able to login to the computer. This error did not make sense to me because the user I wanted to be able to sign in with was the same one I used to enroll the Virtual PC and also should not need to be a member of the Remote Desktop Users group. After I reboot the VM I tried again and the same error appeared, then after another reboot I was then able to login. However, the next day the same issue happened and I could not login.

Cause:
Apparently the above error was caused by the fact that I had enabled the Hyper-V feature called: Enhanced Session Mode. This setting is very useful when you want to share the hardware devices of your physical computer to the VM, such as other hard drives, printers and the audio on your PC.

The problem is that this mode is actually an RDP Session into the Virtual Machine. Hence the above error message saying that the user should be a member of the Remote Desktop Users group. Now since I don’t really care about using any of the devices on my PC on the VM since I am only using it for testing Intune configuration and policies etc. then I don’t need Enhanced Session Mode.

Fix:
Disable the Enhanced Session Mode on Hyper-V
1. In Hyper-V Manager window, right click on your Hyper-V server and select: Hyper-V Settings
2. Under the “Server” section select: Enhanced Session Mode Policy > [Uncheck]: Allow enhanced session mode
3. Under the “User” section select: Enhanced Session Mode > [Uncheck]: Use enhanced session mode
4. Restart all Virtual Machines to allow the above settings to apply. Ater you login to the VMs, you should no longer get the message: “To sign in remotely, you need the right to sign in through Remote Desktop Services…”

Leave a comment