How to activate the unlock button in user settings for NoMachine virtual sessions
In various Linux distributions, the default configuration does not allow "user settings" to be modified during a remote virtual session because the "unlock button" remains inactive.
This limitation is the result of a system policy. To enable the button for a user or a group of users, the administrator needs to find the action id (point 1) and then create a PolicyKit rule (point 2). The new policy applies to the present session and to each new virtual session.
1) Find the appropriate *.policy file in /usr/share/polkit-1/actions/.
Search for a file whose name includes user-accounts or accounts. If there is more than one file, the one with the most specific name for the affected Linux distribution is probably the right one. For example, if both org.gnome.controlcenter.user-accounts.policy and com.canonical.controlcenter.user-accounts.policy exist, choose the latter.
1.2) Once you have found the file, search for the action id element.
E.g.
<action id="org.gnome.controlcenter.user-accounts.administration">
The beginning of the id always equals the file name without the .policy extension.
To find the right action id, look for: <description>Manage user accounts</description>.
2) Create a *.pkla file (e.g. control-center-custom.pkla) in /etc/polkit-1/localauthority/50-local.d/ with the following contents:
[User Accounts Administration]
Identity=<identity-list>
Action=<action-id>
ResultAny=auth_admin_keep
ResultInactive=no
ResultActive=auth_admin_keep
where
<identity-list> is a semicolon-separated list of user or group identifiers the button is to be activated for; each identifier should start with unix-user: or unix-group:
<action-id> is the action id found in point 1, without quotes.
Sample contents:
[User Accounts Administration]
Identity=unix-user:adam;unix-group:employees
Action=org.gnome.controlcenter.user-accounts.administration
ResultAny=auth_admin_keep
ResultInactive=no
ResultActive=auth_admin_keep
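
The two points above as a script. This is an added example, not part of the original article or NoMachine code; the helper names find_action_id and make_pkla are hypothetical. If find_action_id prints more than one id, pick the one from the most distribution-specific file, as described in point 1.

```shell
#!/bin/sh
# Added example, not NoMachine code. find_action_id and make_pkla are
# hypothetical helper names.

# Step 1: print the id of every <action> described as "Manage user accounts"
# in the *accounts*.policy files under $1 (default: the system directory).
find_action_id() {
    dir=${1:-/usr/share/polkit-1/actions}
    for f in "$dir"/*accounts*.policy; do
        [ -f "$f" ] || continue
        awk '
            /<action id="/ { id = $0; sub(/.*<action id="/, "", id); sub(/".*/, "", id) }
            /<description>Manage user accounts<\/description>/ { print id; exit }
        ' "$f"
    done
}

# Step 2: print the .pkla rule for identity list $1 and action id $2.
# Fails if an identity lacks the unix-user: or unix-group: prefix, so a
# malformed entry is caught before the rule is written.
make_pkla() {
    identities=$1
    action=$2
    [ -n "$identities" ] && [ -n "$action" ] || { echo "usage: make_pkla IDENTITIES ACTION" >&2; return 1; }
    old_ifs=$IFS; IFS=';'
    for i in $identities; do
        case $i in
            unix-user:?*|unix-group:?*) ;;
            *) IFS=$old_ifs; echo "bad identity: $i" >&2; return 1 ;;
        esac
    done
    IFS=$old_ifs
    cat <<EOF
[User Accounts Administration]
Identity=$identities
Action=$action
ResultAny=auth_admin_keep
ResultInactive=no
ResultActive=auth_admin_keep
EOF
}

# When run with two arguments, print the rule; redirect it as root to
# /etc/polkit-1/localauthority/50-local.d/control-center-custom.pkla
if [ "$#" -eq 2 ]; then make_pkla "$1" "$2"; fi
```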
