Re: remote access trouble
From: Ryan Hanisco (rhanisco_at_flagshipis.com)
Date: 03/10/05
- Next message: Ryan Hanisco: "Re: Setting Outlook Permissions using Active Directory???"
- Previous message: Allen Firouz: "RE: GPO Question"
- In reply to: shaine fisher: "remote access trouble"
- Next in thread: shaine fisher: "Re: remote access trouble"
- Reply: shaine fisher: "Re: remote access trouble"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 10 Mar 2005 13:20:40 -0600
Shaine,
This is the precise reason why you don't go for general terminal services
access on a Domain Controller. You are seeing the interaction between the
normal system policy and the domain controller security policy.
By default, only admins are allowed to log in locally to a DC. When you
changed this, you activated the other policy to allow the specific user to
log in, but then did not also include administrators.
You should find that if you allow TS and allow log in locally to both users
you should be fine.
-- Ryan Hanisco MCSE, MCDBA FlagShip Integration Services Chicago, IL "shaine fisher" <manchester38@ntlworld.com> wrote in message news:un0Yd.505$gQ2.252@newsfe2-gui.ntli.net... >I have server 2003 set up on a testing system, as you know, I have it set >up with the following roles, don't criticise me for all this, its just to >test: > DHCP, DNS, APPLICATION SERVER, FILE SERVER (no choice), PRINT SERVER(no > choice), DOMAIN CONTROLLER AND FINALLY TERMINAL SERVER. > > Now here is the problem. I sat at work today and decided to access my > computer remotely, as an administrator, using RDC from and XP system. All > is great, I can connect to it, and have access to the files folders and > tools that I would had I been sat right at it, this is not a problem. > I decided to sign in as one of the users that I setup, got the error > message that the user needs to in the remote desktop users group or > assigned the right to access the server via terminal services, here is > where the problemss begins: > > I add the user to the remote desktop users group AND assign the right to > access the computer via terminal services (couldn't get either one to > work, so did both, this solved it), perfect the user can sign in and use > the roaming profile they set up when working locally, but I noticed thaat > the user account needed some adjustment, so I signed out, and back in as > the administrator........ > > Now the admin has no rights to access the computer remotely....at all. You > need to add this user to the remote users..... > > Cut a long story short, assigned the right to access the computer via TS > to the administrators group, still no go, added the admin group to the > remote users too, now I can sign in, but I do not have admin rights or > permissions, can't aaccess shared folders etc, can't run tools..... > > If I remove the rights aand permissions from the user account, and remove > the admin from the remote users group and remove the right to sign in via > TS, I can sign in, and admin. > > I know the admin should be able to admin remotely, but why did it go wrong > when I altered the rights and membership for 1 user? > This BTW is a server 2003 120 day trial, Evaluation Copy, Build 3790 > (Service Pack 1, v.1433) all updates and patches applied. > > Thanks in advance > Shaine Fisher >
- Next message: Ryan Hanisco: "Re: Setting Outlook Permissions using Active Directory???"
- Previous message: Allen Firouz: "RE: GPO Question"
- In reply to: shaine fisher: "remote access trouble"
- Next in thread: shaine fisher: "Re: remote access trouble"
- Reply: shaine fisher: "Re: remote access trouble"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
