Re: Cannot login as ordinary user to console session on Windows Server 2003 Standard SP1





I am having trouble connecting via RDP to the console session of Windows
2003 Server Standard SP1. After connecting and entering the correct user
name and password I get the dialog box which says "To log on to this
remote console session, you must have administrative permissions on this
computer." The dialog has only an OK button. If I click it, the
connection is disconnected.

The problem is very weird because if I first perform login under the
same user account at the physical console and then try to connect via
RDP to the already logged on session, the connection succeeds.


The user account I am trying to connect under is a member of the "Users" and "Remote Desktop Users" groups, and is not a member of the "Administrators" group. I have modified (relaxed) the security options in "Administrative Tools"->"Local Security Policy"->"Security Settings"->"Local policies"->"User rights assignment" to allow login for ordinary users. The "Users" group has a right to "Logon Locally" and "Remote desktop users" has a right to "Logon through terminal services". There are no related "deny" rights set for the mentioned user account or groups it is a member of.

Terminal Services are running in "Remote Administration" mode, 2
connections maximum.

Any ideas?

You have to set your domain policy to permit logging on through TS:
Default Domain Security Policy / Security Settings / Local Policies /
User Rights Assignment / Allow logon through terminal services.
Specify the "Remote desktop users" group in this policy.

In fact, the "Remote desktop users" group has the "Allow logon through terminal services" right. I use Windows Server 2003 on my desktop. It is not a domain controller itself and is not a member of any other Windows domain. I use SAM for user accounts. The "Local Security Policy" is just a "view" into the security section of the local group policy, which can be accessed with the "gpedit.msc" command.

(I do not have access to Active Directory MMC consoles, including Active
Directory Users and Computers (dsa.msc), Active Directory Domains and
Trusts (domain.msc) and Active Directory Sites and Services (dssite.msc)
because a domain controller is not installed. There are no shortcuts for
these MMC consoles in the "Administrative Tools" folder. I can invoke these
consoles manually but they all emit errors and warnings since they
cannot recognise the DC, and that is normal.)

Now some clarifications.

When talking about the "console session" I mean the real console
session, but through RDP/TS. This can be achieved by "mstsc.exe
/console" or "Connect to console" checkbox of a connection in "Remote
Desktops" MMC snap-in.

In fact, when I click OK in the message box the connection is not
disconnected, but the "Log On to Windows" dialog box is presented
again but with blank user name and password text boxes.

I am starting to believe that the issue relates to the "Remote Administration mode" of the server.
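One way to double-check the user rights described in this thread, as an added example that is not part of any poster's message: the script parses the `[Privilege Rights]` section that `secedit /export /cfg rights.inf /areas USER_RIGHTS` writes and reports whether an account's principals hold the two logon rights, with deny entries taking precedence. The sample export, the function names and the principal lists are constructed for illustration.

```python
# Added example: evaluate logon rights from a secedit export for one account.
import configparser

# Constructed sample of a secedit USER_RIGHTS export (not taken from the thread).
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545
SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555
SeDenyInteractiveLogonRight = Guest
SeDenyRemoteInteractiveLogonRight =
"""

# Well-known SIDs of the built-in groups mentioned in the thread.
WELL_KNOWN = {"S-1-5-32-544": "Administrators", "S-1-5-32-545": "Users",
              "S-1-5-32-555": "Remote Desktop Users"}

# (allow right, matching deny right) for the two policies named in the thread.
RIGHTS = {
    "Log on locally":
        ("SeInteractiveLogonRight", "SeDenyInteractiveLogonRight"),
    "Log on through Terminal Services":
        ("SeRemoteInteractiveLogonRight", "SeDenyRemoteInteractiveLogonRight"),
}

def parse_rights(inf_text):
    """Return {right name: set of holders}, resolving well-known SIDs to names."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep the right names case-sensitive
    cp.read_string(inf_text)
    rights = {}
    for name, value in cp.items("Privilege Rights"):
        holders = {h.strip().lstrip("*") for h in value.split(",") if h.strip()}
        rights[name] = {WELL_KNOWN.get(h, h) for h in holders}
    return rights

def effective_logon_rights(inf_text, principals):
    """principals: the account name plus every group it belongs to."""
    rights = parse_rights(inf_text)
    wanted = {p.lower() for p in principals}
    result = {}
    for label, (allow, deny) in RIGHTS.items():
        allowed = any(h.lower() in wanted for h in rights.get(allow, ()))
        denied = any(h.lower() in wanted for h in rights.get(deny, ()))
        result[label] = allowed and not denied  # a deny entry overrides an allow
    return result
```

The script only evaluates the user rights assignment; it does not model the administrative-permission check that the quoted dialog refers to for the console session.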