RDP onto DCs with non-admin accounts
- From: "GrahamC" <GrahamC@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 12 Jul 2005 00:28:03 -0700
I'm having some fun and games getting non-admin accounts to be able to RDP
onto my DCs. Scenario as follows:
Windows Server 2003 forest, raised to 2003 functional level.
User is using a secondary logon account, which is a member of
"Builtin\Remote Desktop Users" and has the User Right "Log on locally"
assigned via the "Default Domain Controllers Policy"
Ordinarily this works fine (well it does in both my test forests) but in the
Production Forest there are 4 DCs which won't accept the logon.
I've checked and all policies are in synch (checked using GPOTOOL across
Sysvol and the AD) and DCDIAG reports no problems. Nothing useful is
appearing in the event log.
When the user is denied logon to my errant DCs he gets "The local policy of
the sysem won't allow you to logon interactively"; however this user account
can connect via the iLO board and logon to the console so they clearly can!
The RDP permissions are set to normal, ie "Builtin\RemoteDesktopUsers" have
User and Guest access.
I'm clearly missing something but I don't know what! Any guidance would be
gratefully received.
.
- Follow-Ups:
- RE: RDP onto DCs with non-admin accounts
- From: GrahamC
- RE: RDP onto DCs with non-admin accounts
- Prev by Date: RE: Restore DC from PDC Emulator
- Next by Date: Re: user and password
- Previous by thread: Unable to set up SSL
- Next by thread: RE: RDP onto DCs with non-admin accounts
- Index(es):
Relevant Pages
|
