Enable logon removes NT AUTHORITYAuthenticated Users from local remote desktop users group

If you Prohibit Logons Only from the App Centre on a Server and have NT AUTHORITYAuthenticated Users added to Local Remote Desktop Group , when you enable the Logon from App Center , the NT AUTHORITYAuthenticated Users group is removed from the Local Remote Desktop Group.

As a result none of the users are able to launch applications.


The issue is directed to Microsoft as this is evident on a Non Citrix Server which has Remote Desktop Services Role Installed.


To redirect the customer to Microsoft and verify this issue is not related to Citrix complete the following steps:

  • Install Remote Desktop Services role on a Non Citrix Server.
  • Run the following Query from the command prompt:

Chlogon.exe /Drain

  • Check Status of the Chglogon by running the Command:

Chglogon.exe /Query

  • Enable Chglogon.exe /Enable.
  • Check to see Local Remote Desktop Group on the server NT AUTHORITYAuthenticated Users is missing.


Add Domain Domain Users instead of NT AUTHORITYAuthenticated Users.

Read the original post here at the Citrix knowledgebase.