Re: Terminal Server logon problem
- From: Net Admin <NetAdmin@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 28 Aug 2007 11:06:04 -0700
At this point, I would demote that faulty DC, remove it from the domain,
delete the object in Active Directory, then add it back and promote it. If
you have more than the one other DC then you'll need to force or wait for
replication after deleting the object.
"RGA" wrote:
I upgraded our current SBS 2003 box to new hardware using SBSMigration.com's.
technique. When it was time to bring the old SBS server offiline and make
the switch, I demoted the additional DC and put it into workgroup mode, then
rejoined it to the new SBS server with the same domain name, then ran
dcpromo to make it an additional DC again. I think all is well with the
exception of the current issue with not being able to access the domain
policy snapon on the additional DC.
"Net Admin" <NetAdmin@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E574D11E-63DE-45B9-9426-ED35AA86BBCB@xxxxxxxxxxxxxxxx
You had a server that was upgraded to SBS 2003? What was it before? Was it
in
a domain? If it was, how did you remove it?
How did you remove/add the other DC from its domain to your current one?
"RGA" wrote:
I am getting a group policy error - You do not have permissions to
perform
this operation when trying to open the domain group policy snap in on the
addional DC with the domain administrator acct. I can log in ok to domain
group policy snap in on the SBS 2003 box so I have no clue what I have
done.
The only thing I thought I changed was taking the administrators account
out
of the "Deny logon thru Terminal Services" in the local policy snap in
per
your suggestion. I seem to be taking one step forward and 2 steps
back....frustrating!
"Net Admin" <NetAdmin@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A19D4A35-7063-402D-BC0B-B21357944199@xxxxxxxxxxxxxxxx
Lost Admin privileges? How? What error does it give you?
What account do you use to logon and check the domain policies?
Have you checked the membership of that account to make sure it's a
Domain
Admin?
"RGA" wrote:
NetAdmin,
Your suggestion worked. I was doing the settings on the domain
security
policy and not the local security policy. Howver now, I try to open
the
domain security policy snapin or the domain controller security policy
and I
lost permissions as the administrator to do so???? Any ideas?
Thanks!
"Net Admin" <NetAdmin@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F8C2C0A9-4CA2-42D3-8285-9C405134ABF5@xxxxxxxxxxxxxxxx
To enable RDP, on the server that you want to RDP into, you must:
1. Use the Remote tab in System Properties and enable it.
2. Make the user a member of the Remote Desktop Users group.
3. Use the Security policy as I mentioned earlier.
4. In Active Directory, make the user a member of the Remote Desktop
Users.
*You don't need to do anything on the client PC.
"RGA" wrote:
That is how I have the policies configured and that is what is
baffling
me.
"Net Admin" <NetAdmin@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:DE63ACA0-9A32-45C8-AD2D-397AE567A082@xxxxxxxxxxxxxxxx
This is how I do it with Server 2003 Standard:
Go to START, RUN, and type in SECPOL.MSC then hit ENTER.
Look under LOCAL POLICIES, USER RIGHTS ASSIGNMENT.
In the right pane there will be a setting called "Allow logon
through
Terminal Services", make sure that account is in there.
Also make sure that account is not in the "Deny logon through
Terminal
Services"
Does this help?
"Coraleigh Miller" wrote:
I meant did you try adding it to the remote users group on the
other
DC,
the
one you are having trouble logging onto.
You might also want to post your question over on the
microsoft.public.windows.terminal_services group, they are very
responsive
with TS related issues.
Coraleigh
"RGA" <blahATblahDOTblah> wrote in message
news:eCVGyEN6HHA.484@xxxxxxxxxxxxxxxxxxxxxxx
Yes, I added the admin acct to the remote desktop users group
on
the
SBS
2003 server and I am still not able to log into the DC with
the
admin
acct.
"Coraleigh Miller" <CoraleighMiller@xxxxxxxxx> wrote in
message
news:%23VrWF%23M6HHA.980@xxxxxxxxxxxxxxxxxxxxxxx
Hi RGA,
Did you try adding the admin account to the local Remote
Desktop
Users
group on the other DC?
Coraleigh Miller
"RGA" <blahATblahDOTblah> wrote in message
news:eC9wpBL6HHA.5164@xxxxxxxxxxxxxxxxxxxxxxx
I upgraded my SBS 2003 server over the weekend and all went
well.
In
doing so, I had to demote the other DC in my domain and
rejoin
it
to
the
new SBS server's domain. I now cannot log on to the other DC
remotely
with terminal server. I have checked all the policy and
terminal
server
settings and permissions and I can't seem to figure it out. I
am
able
to
log on with my personal domain acct but the administrator
account
gets
the "To log on to this remote computer you must be granted
the
Allow
log
on throuogh Terminal Services right" message. This is really
baffling
me
as I have set all of the settings (I thought) to match those
on
the
SBS
2003 server which I am able to log on as the administrator
account.
Help Please! Thanks!
- References:
- Terminal Server logon problem
- From: RGA
- Re: Terminal Server logon problem
- From: Coraleigh Miller
- Re: Terminal Server logon problem
- From: RGA
- Re: Terminal Server logon problem
- From: Coraleigh Miller
- Re: Terminal Server logon problem
- From: RGA
- Re: Terminal Server logon problem
- From: Net Admin
- Re: Terminal Server logon problem
- From: RGA
- Re: Terminal Server logon problem
- From: Net Admin
- Re: Terminal Server logon problem
- From: RGA
- Re: Terminal Server logon problem
- From: Net Admin
- Re: Terminal Server logon problem
- From: RGA
- Terminal Server logon problem
- Prev by Date: Re: W3SVC Errors in Event Viewer
- Next by Date: <newbie> is this DNS okay ??
- Previous by thread: Re: Terminal Server logon problem
- Next by thread: DHCP on 1 subnet only
- Index(es):
Relevant Pages
|
Loading
