Re: Problem logging onto TS via RWW



Hi Steve,

Thanks for your update.

I am sorry for not clarifying the information in my previous post.

Step 1 should be configured on the terminal server box.

Steps 2 and 3 should be configured on the SBS server box, and step 2 can
also be processed on the TS box.

For the current situation, I suggest that you try to configure "Allow log on
locally" and "Allow log on through Terminal Services" in the Local Security
Policy on the terminal server box, as I requested in my previous post. Then
test the issue and let me know the result.

By default, if we don't configure the policies, the policies are applied to
objects as follows:

On workstations and servers: Administrators, Backup Operators, Power Users,
Users, and Guest.
On domain controllers: Account Operators, Administrators, Backup Operators,
Print Operators, and Server Operators.

I appreciate your time.

Have a nice day!

Sincerely,

Jenny Wu
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security

--------------------
From: "Steve Everington" <steve.nospam@xxxxxxxxxxxxxxxxxx>
Subject: Re: Problem logging onto TS via RWW
Date: Tue, 11 Jul 2006 11:22:25 +0100

Hi Jenny,

Thanks for the reply.

Can I just check a couple of things with you:

Firstly, in item 1, am I doing this on the domain controller or the terminal
server? If it is the latter, then currently the local Remote Desktop Users
group has the User & Guest Access permissions checked, but not the domain
Remote Desktop Users group. The local group has no members whereas the
domain group does, so I guess I want the latter, but I cannot seem to add the
domain group.

Secondly, currently, both the Allow log on locally & Allow log on through
Terminal Services policies are undefined. Am I right in presuming that, as
they are undefined, they will be having no effect and hence allowing
log-ons?

Thanks for the help

Steve Everington


"Jenny wu [MSFT]" <v-yanniw@xxxxxxxxxxxxxxxxxxxx> wrote in message news:x75joQMpGHA.2024@xxxxxxxxxxxxxxxxxxxxxxxx
Hi Steve,

Thanks for using the SBS newsgroup.

From your description, I understand the issue is that one user received the
error message "To log onto this remote computer, you must be granted the
Allow log on through Terminal Services right. By default......" when
attempting to RDP to the TS through the RWW site, although the user belongs
to the Remote Desktop Users group. If I am off base, please don't hesitate to
let me know.

To troubleshoot this problem efficiently, let us check the following
settings one by one. I understand that you have performed some of them. I
still suggest that you double check them as they are the most possible
causes for this issue.

1. Check terminal services permission
------------------------------------
1. Open the Terminal Services Configuration snap-in.
2. Right click the "Rdp-tcp" item, and click Properties.
3. In the Permission tab, ensure that Remote Desktop Users group and any
other users that you want to grant remote desktop permission have the
"User Access" and "Guest Access" permission.
4. Click OK.

2. Allow logon through Terminal Services
---------------------------------------
To grant a user these permissions, start the Group Policy snap-in, open the
Local Security Policy or the appropriate level of Group Policy (OU or
default domain policy), and then navigate to the following location:
Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment

1. Open the Default domain policy snap-in.
2. Ensure that Remote Desktop Users group is listed in the "Allow log on
locally" and "Allow log on through Terminal Services" policies, and add the
problematic user account to the policy.
3. Check for "Deny log on locally" and "Deny log on through Terminal
Services", and make sure no settings have been set.
4. Check other group policies that apply to the domain controller, such as
the default domain policy and local group policy, to ensure that users are
not listed in the "Deny log on locally" and "Deny log on through Terminal
Services" group policies.
5. Run "gpupdate /force" on this DC and restart the terminal server to let
the changes take effect.
6. Use the problem user account that we had added in step 4 to check
the issue again.

For more information about this problem, please see:
278433 Accessing Terminal Services Using New User Rights Options
http://support.microsoft.com/?id=278433

Additional readings that might help:
289289 Remote Desktop Connection "The Local Policy of This System Does Not
http://support.microsoft.com/?id=289289

3. Allow logon to Terminal Server
-------------------------------
To grant a user these permissions, start either the Active Directory Users
and Computers snap-in or the Local Users And Groups snap-in, open the
user's properties, click the Terminal Services Profile tab, and then click
to select the "Allow logon to Terminal Server" check box.

Does it work now? If this problem continues, please help us collect some
information so that we can perform further research on this issue:

1. Please perform the following steps to collect the user group membership
and send the output to my working mailbox: v-yanniw@xxxxxxxxxxxxx

1) Download and install ifmember.exe on the terminal server from the link
below:

http://www.microsoft.com/downloads/details.aspx?FamilyID=9D467A69-57FF-4AE7-96EE-B18C4790CFFD&displaylang=en

2) Log on as the problematic user, open the Windows Resource Kit tool
command window and run the following command:
<Path>\ifmember /list >ProblemUser.txt

2. Let us use the GPMC utility to generate a policy report for the terminal
server.

1) Download and install the GPMC utility from the following URL on the DC:

http://www.microsoft.com/downloads/details.aspx?FamilyId=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en

2) After you have installed GPMC.MSI, go to Start -> Run and type GPMC.MSC;
it will load the GPMC console.
3) Right click on "group policy result" and choose the wizard to generate a
report for the terminal server. (Choose the computer and select the proper
user in the wizard.)
4) Choose the summary tab and right click on the icon in the "group policy
result" => save report to save the report to an HTML file, and send it to my
working mailbox: v-yanniw@xxxxxxxxxxxxxx

I appreciate your time. I am happy to be of assistance to you and look
forward to your reply.

Have a nice day!

Sincerely,

Jenny Wu
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
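
The user-rights checks from the quoted procedure (the two "Allow" and two "Deny" logon policies), as an added example that is not part of the original posts: it parses the [Privilege Rights] section of a `secedit /export /cfg rights.inf /areas USER_RIGHTS` export and lists which of the four policies flag a given user. The sample export, the SIDs and the function names are constructed for illustration.

```python
# Added example, not from the thread. Sample data and names are constructed.

# Privilege constants behind the four policies named in the post.
RIGHTS = {
    "SeInteractiveLogonRight": "Allow log on locally",
    "SeRemoteInteractiveLogonRight": "Allow log on through Terminal Services",
    "SeDenyInteractiveLogonRight": "Deny log on locally",
    "SeDenyRemoteInteractiveLogonRight": "Deny log on through Terminal Services",
}

# Constructed excerpt of a secedit user-rights export from the TS box.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-551
SeRemoteInteractiveLogonRight = *S-1-5-32-544
SeDenyRemoteInteractiveLogonRight = *S-1-5-21-1111-2222-3333-1108
"""

# Constructed identity: the user's SID plus Users and Remote Desktop Users.
SAMPLE_IDS = ["S-1-5-21-1111-2222-3333-1108", "S-1-5-32-545", "S-1-5-32-555"]

def parse_rights(inf_text):
    """Return {privilege: set of SIDs/account names} from the export text."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip()] = {
                v.strip().lstrip("*").upper() for v in value.split(",") if v.strip()
            }
    return rights

def findings(rights, identities):
    """List each policy that would flag the user; an empty list means none do."""
    ids = {i.upper() for i in identities}
    out = []
    for priv, label in RIGHTS.items():
        matched = sorted(rights.get(priv, set()) & ids)
        if "Deny" in priv and matched:      # a deny entry hits the user or a group
            out.append(f"{label}: matches {', '.join(matched)}")
        elif "Deny" not in priv and not matched:  # neither user nor groups listed
            out.append(f"{label}: user and groups not listed")
    return out

if __name__ == "__main__":
    for item in findings(parse_rights(SAMPLE_INF), SAMPLE_IDS):
        print(item)
```
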



