Hello,
Thank you so much for posting here.
To check the logs of new created security group and the member is added to this group and who creates this group, we could configure the below audit policy.
And then check the Event Viewer to check the security events as shown below.
As per my research, this security group (Deny RDP Access) should be created one since I did not find this group in my AD environment. If it is created one, there might be other configuration of deny log on through RDS, such as this group policy setting as shown below. We could kindly have a check whether this policy is configured or not.
Computer configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment
For any question, please feel free to contact us.
Best regards,
Hannah Xiong