Re: RDP Access to Application Server

From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxx>
Date: Tue, 23 Aug 2005 18:21:40 -0500

Hmm. Will it work you try to access via RDP as the local administrator of
the server you are trying to remote into? Is anything recorded in the logs
of the server that may indicate the problem? You may need to enable auditing
of logon events on the server first to see anything meaningful if that is
not already enabled. It may also help to enable auditing of privilege use
for failures only to see if anything shows in the security log. Privilege
use equates to user rights. A lot of times network connectivity problems are
the reason for failure to access RDP but usually that is not the case with
the error message you are getting though you still may want to verify that
your firewall or firewalls [in case of host firewall also] allow access to
the server on port 3389 TCP assuming you are using default port for RDP. It
may be worthwhile to see what happens when you try to use RDP on your LAN to
logon to your server.

Verify that RDP is enabled on the server and that the user groups such as
Remote Desktop users has the needed user right in Local Security Policy
[secpol.msc]. For Windows 2003/XP that would be allow logon through terminal
services. Also check the deny logon through terminal services user right to
make sure that no user/group is shown that could override the allow user
right. For a domain user check their user account in Active Directory Users
and Computers to make sure their account is configured allow logon to
terminal services in terminal services profile. The user/group will also
need proper permissions to RDP. On the server use administrative
tools/terminal services configuration and in the right side window select
RDP-tcp, then right click and select properties - permissions to make sure
your groups show with at least allow permissions for user access. --- Steve

"redrobit" <redrobit@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:834D32F9-742E-4AA4-91A0-CFF942DDE4A7@xxxxxxxxxxxxxxxx
> Thanks for the reply Steven. I have tried to add the user directly with
> no
> luck as well. I am not really sure what the problem is. I have also
> tried
> RDP'ing from another outside machine, and get the same issue. I have even
> connected via VPN, and then tried RDP'ing into the app server with no
> luck.
> This did work at one point.
>
> "Steven L Umbach" wrote:
>
>> Try to add the user account directly to the Remote Desktop Users Group.
>> Also
>> keep in mind that if you make changes to a users group membership that
>> the
>> user would have to logoff if already logged on to refresh his access
>> token
>> with the new group membership. The command line tool whoami [support tool
>> I
>> think] can help in showing the contents of a users access token when run
>> on
>> the computer that the user is logged onto. --- Steve
>>
>>
>> "redrobit" <redrobit@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:D3578738-7A97-435F-8679-F01F6F23549D@xxxxxxxxxxxxxxxx
>> >I am trying to give outside RDP access to a domain user to my
>> >application
>> > server to perform work remotly. I have enabled remote and VPN access
>> > on
>> > the
>> > user account, and have verified VPN connection works. I have added the
>> > user
>> > account to the "Restricted Domain Controller Users" group. This group
>> > is
>> > also a member of the built in "Remote Desktop Users" group. When I try
>> > to
>> > RDP remotly using the user account, I get a message indicating that the
>> > user
>> > must be a member of the "Remote Desktop Users" group. I cannot
>> > connect.
>> > Any
>> > help is GREATLY appreciated!!
>>
>>
>>

.

References:
- RDP Access to Application Server
  - From: redrobit
- Re: RDP Access to Application Server
  - From: Steven L Umbach
- Re: RDP Access to Application Server
  - From: redrobit

Prev by Date: Applying Screen Saver policy via GP to select machines only
Next by Date: Re: Applying Screen Saver policy via GP to select machines only
Previous by thread: Re: RDP Access to Application Server
Next by thread: Group Policy "Hide specified Control Panel applets" not working for "Network Connections"
Index(es):
- Date
- Thread

Relevant Pages

Re: Terminal Services Setup/Flaw
... I was able to login to the Terminal Server with this user and then .rdp into another server on the network using the same credentials. ... I found the Remote Desktop Users group but that's not being used. ... "moncho" wrote: ...
(microsoft.public.windows.terminal_services)
Re: Terminal Services Setup/Flaw
... This still allows everyone to hit the TS Server but denies the login to ... Terminal Server with this user and then .rdp into another server on the ... I found the Remote ...
(microsoft.public.windows.terminal_services)
Re: 2003 Server RDP errors
... I have some unique users and a few groups added to the REMOTE DESKTOP ... administrators that can successfully RDP to this server are in this list ... I do receive an error when I try logging in via RDP as another user. ... Terminal Services, allowing multiple users to use RDP simultaniously, called ...
(microsoft.public.windows.server.general)
Re: How is dangerous connect to server over internet with remote d
... Vulnerability in Remote Desktop Protocol Could Lead to Denial of ... Microsoft MVP - Windows Security ... encryption and if i connect to server with the same ip (i configure ... Now the only thing that I usually worry about when considering RDP are ...
(microsoft.public.security)
RE: Windows Remote Desktop
... between the server and client in addition to RDP encryption. ... On the topic of securing RDP i was wondering if anyone can help.... ... connection is difficult. ... >We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion ...
(Security-Basics)