Re: After changing User rights assignment, users can not logon to
- From: "Herb Martin" <news@xxxxxxxxxxxxxx>
- Date: Tue, 22 May 2007 10:03:52 -0500
"Eli" <Eli@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0C652729-7086-4815-AAEE-4C2156A68777@xxxxxxxxxxxxxxxx
Answers to your questions to my post.
I did put them into remote desktop group, but they still couldn't logon.
So even when you put users directly into that group on a workstation they
cannot logon using Remote Desktop but they can logon locally to the machine?
And you (an admin) can use Remote Desktop to that same machine?
(eliminates firewall issues.)
If all this is the case you have some problem other than Group Policy,
likely with authentication or some such.
The Default Domain Policy was edited; after it didn't work, I disabled it and
created a new policy without any changes.
A new policy object would have NO settings, not even the defaults and this
is not likely a good idea.
In the old GPO the only edit was that relevant to my problem that I added,
domain users to "allow logon locally and thru Terminal services".
Terminal services does NOT affect RDP to my knowledge but only true
terminal servers.
In the new one everything is "not defined"
First I edited, and then removed and applied the new one- both didn't
work.
Terrible idea or not, there are about 50 users that can't login to their
workstations, and the company needs to function somehow.
They can't logon locally either?
I meant that the Win 2003 is the Operational Master.
There are five such masters and these do not have to stay together.
Likely you should make all DCs into GCs also, but this probably isn't
related to your problem.
"Try doing the above -- perhaps manually --and prove that it works"
Do what?
Putting the users into the Remote Desktop Users group for some
workstation and prove they have access (you should have your
own "EliUser" account so you can test this quickly of course).
--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)
"Herb Martin" wrote:
"Eli" <Eli@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:7F4BCDB8-6CAC-4C33-BE26-3C0A87AA4E34@xxxxxxxxxxxxxxxx
I was trying to give Domain Users ability to login on workstations using
remote desktop.
Gave them rights in "user rights assignment". But something went
wrong.
Nobody with Domain Users rights is able to login locally or remotely to
their workstations.
Did you put the "Domain Users" GROUP into the Remote Desktop Users
group?
Reversed the Group Policy back to "not defined" - didn't help.
If not, what specific GPO item did you use and where did you link it
(relative to the workstations)?
Disabled old GPO and put a new one default without any changes - didn't
help.
What was in this GPO? Nothing? Then it is irrelevant.
Are you editing or removing the Default Domain GPO? (Both bad ideas).
How do I give them rights back to login on their workstations and what needs
to be done so they can login thru remote desktop?
You can put the Domain Users group into the Remote Desktop Group if that
is really what you wish to do.
I had to give them temporary Domain Admin rights so they can logon in the
mean time.
Ugh. That is really a terrible idea.
Domain controller - Win 2003 SP1 - Master
Secondary domain controller Win 2000
Just DCs, there are no "master" nor "secondary" DCs in Win2000+ --
there are some master roles but other than that all DCs are co-equal
and should be thought of that way.
All PCs XP with SP2
Try doing the above -- perhaps manually --and prove that it works
before proceeding with GPO changes. Once you know the method
works you have a better chance of automating it with a GPO (or when
using scripting.)
--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)
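
Added example, not part of the original thread: one way to do the manual check suggested above, by exporting the user rights actually in effect on an affected workstation and listing who holds the allow and deny logon rights next to the members of the local Remote Desktop Users group. It assumes an elevated prompt and PowerShell 2.0 or later; the helper name Resolve-Principal and the temp file name are made up for this example.

```powershell
# Added example (assumptions: elevated prompt, PowerShell 2.0+).
# Logon rights discussed in the thread, by their internal names:
$rights = 'SeInteractiveLogonRight',           # Allow log on locally
          'SeRemoteInteractiveLogonRight',     # Allow log on through Terminal Services
          'SeDenyInteractiveLogonRight',       # Deny log on locally
          'SeDenyRemoteInteractiveLogonRight'  # Deny log on through Terminal Services

# Export only the user rights area of the local security policy
# (this reflects what the applied GPOs left on the machine).
$cfg = Join-Path $env:TEMP 'user-rights.inf'   # constructed file name
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null

function Resolve-Principal([string]$entry) {   # hypothetical helper
    # secedit writes principals as *S-1-...; plain names are passed through
    if ($entry -notmatch '^\*S-1-') { return $entry }
    $sid = New-Object System.Security.Principal.SecurityIdentifier($entry.TrimStart('*'))
    try   { $sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $sid.Value }   # SID that cannot be resolved (deleted or unreachable account)
}

$lines = Get-Content $cfg
foreach ($right in $rights) {
    $line = $lines | Where-Object { $_ -match "^$right\s*=" }
    $holders = @()
    if ($line) {
        $holders = @(($line -split '=', 2)[1].Split(',') |
            ForEach-Object { $_.Trim() } | Where-Object { $_ } |
            ForEach-Object { Resolve-Principal $_ })
    }
    if ($holders.Count -eq 0) { "{0}: (no principals listed)" -f $right; continue }
    "{0}: {1}" -f $right, ($holders -join '; ')
}
Remove-Item $cfg

# Local group that normally carries the Remote Desktop logon right
net localgroup "Remote Desktop Users"
```

An allow right that lists no principals, or a deny right that lists a group the users belong to, is the first thing to look for in the output, since a deny right overrides an allow right.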