I am trying to create a rule to record RDP connections as the domain administrator. I created a "Domain Administrator" group and added "Administrator" as the sole user:


I then created a command rule:


However, whenever I launch RDP And log in as "<domain>\dministrator", the RDP connection is terminated with:
Your Remote Desktop Services session has ended.

Your network administrator might have ended the connection. Try connecting again, or contact technical support for assistance.
If I change the rule conditions in the command rule from:
IF (user in Domain Administrator AND command in Windows Direct Session)
to:
IF (user in Everyone AND command in Windows Direct Session)
then the command rule works. So, it appears I am doing something wrong in my "Domain Administrator" group.

Any ideas?