Re: After changing User rights assignment, users can not logon to

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

Answers to your questions to my post.



I did put them into remote desktop group, but they still couldn't logon.


The Default Domain Policy was edited, after it didn't work, I disable it and
created a new policy without any changes.

In the old GPO the only edit was that relevant to my problem that I added,
domain users to "allow logon locally and thru Terminal services".

In the new one everything is "not defined"


First I edited, and then removed and applied the new one- both didn't work.

Terrible idea or not, there are about 50 users that can't login to their
workstations, and the company needs to function somehow.


I meant that the Win 2003 is the Operational Master.


"Try doing the above -- perhaps manually --and prove that it works"

Do what?


"Herb Martin" wrote:


"Eli" <Eli@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:7F4BCDB8-6CAC-4C33-BE26-3C0A87AA4E34@xxxxxxxxxxxxxxxx
I was trying to give Domain Users ability to login on workstations using
remote desktop.
Gave them rights in "user rights assignment". But something went wrong.
Nobody with Domain Users rights is able to login locally or remotely to
their workstations.

Did you put the "Domain Users" GROUP into the Remote Desktop Users
group?


Reversed the Group Policy back "not defined" - didn't helped.

If not, what specific GPO item did you use and where did you link it
(relative to the workstations)?

Disabled old GPO and put a new one default without any changes - didn't
help.

What was in this GPO? Nothing? Then it is irrelevant.

Are you editing or removing the Default Domain GPO? (Both bad ideas).

How do I give them rights back to login on their workstations and what
needs
to be done so they can login thru remote desktop?

You can put the Domain Users group into the Remote Desktop Group if that
is really what you wish to do.

I had to give them temporary Domain Admin rights so they can logon in the
mean time.

Ugh. That is really a terrible idea.


Domain controller - Win 2003 SP1 - Master
Secondary domain controller Win 2000

Just DCs, there are no "master" nor "secondary" DCs in Win2000+ --
there are some master roles but other than that all DCs are co-equal
and should be though of that way.

All PCs XP with SP2

Try doing the above -- perhaps manually --and prove that it works
before proceeding with GPO changes. Once you know the method
works you have a better chance of automating it with a GPO (or when
using scripting.)

--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)



.

Relevant Pages

  • Re: Connect to my computer at work
    ... I was planning on doing more with GPO ... Itan Barmes ... Add the user to the local workstation's Remote Desktop ... All the computers in this OU should have the startup script applied ...
    (microsoft.public.windows.server.sbs)
  • Re: Remote Desktop in Firewall Group Policy
    ... I would check the config at the desktop to ensure they are getting the GPO. ... acquired the correct settings for port/service/scope for the RDP service. ... >> Enabling a hole in the firewall for RDP does not necessarily turn the ... >> is where Remote Assistance is enabled and Remote Desktop is disabled. ...
    (microsoft.public.windows.group_policy)
  • Re: Preventing logon to local accounts
    ... Domain Users in the listing of groups in this category. ... default a member of the local users on a workstation, ... If you have rdp enabled and the group specified in the remote desktop users ...
    (microsoft.public.windows.server.active_directory)
  • Re: After changing User rights assignment, users can not logon to work
    ... Gave them rights in "user rights assignment". ... Did you put the "Domain Users" GROUP into the Remote Desktop Users ... What was in this GPO? ...
    (microsoft.public.windows.server.active_directory)
  • Re: Can not log into my terminal server - logon error
    ... has by default "User" permissions on the rdp-tcp connection. ... But if the Remote Desktop Users group didn't have permissions on ... and use loopback processing of the GPO. ... MCSE, CCEA, Microsoft MVP - Terminal Server ...
    (microsoft.public.windows.terminal_services)