Re: Connect to my computer at work

itan <itan.bar@xxxxxxxxx> wrote:
Sounds great.
I was planning on doing more with GPO (mainly for security reasons)
but before doing that i should learn more about how policies work.

Thank you very much for this advice
Itan Barmes

You're most welcome. I'm just a tyro when it comes to GP but it is way cool
stuff. Just remember - create your own policies, don't edit the built in
ones. Link them where they best belong (e.g., not at the domain level,
usually!)




"Lanwench [MVP - Exchange]"
<lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:eZ15$bBPIHA.4880@xxxxxxxxxxxxxxxxxxxxxxx
itan <itan.bar@xxxxxxxxx> wrote:
I am trying to connect to a computer via RWW but when i enter a user
and password (in the remote desktop screen) i get the message: The
local policy of this system does not premit you to log on
interactively. If i add the user as a local administrator then the
problem is
solved, but of course this is not the best solution.

How can i solve this?

Thanks in advance
Itan Barmes

Add the user (or a group) to the local workstation's Remote Desktop
users group. I personally add the entire AD group "Remote Web
Workplace Users" to each computer, as I don't care about who can log
in remotely to which machine. I also like to set up AD groups called
LocalAdmin, LocalPowerUser, so I can easily grant/revoke those
rights as needed from the server when I need to test/troubleshoot
something, or install software as the user account. .

Here's what I do to make life easier - I set up a batch file &
assign it as a startup script. The batch file has this:
........
net localgroup administrators DOMAIN\localadmin /add
net localgroup power users DOMAIN\localpoweruser /add
net localgroup remote desktop users "DOMAIN\Web Workplace Users"
/add ........

I set this up in my own GPO linked at the appropriate OU (I would
where your computers live (if you haven't created custom ones,
you'll need to - unless you're using SBS, which creates its own
hierarchy). Edit the GPO - go to Computer Configuration \ Windows
Settings \
Scripts (startup/shutdown)
Double-click Startup, click Add
Copy the batch file you created to the clipboard, then paste it in
the window here
Exit/apply/ok/finish whatever

All the computers in this OU should have the startup script applied
when they restart, and you can now control all this at the server.




.

Relevant Pages

  • Re: User Management
    ... and your manager - and install it in one fell swoop. ... ideas - but here's my list of minimal GPO settings. ... for Remote Desktop access, too - in this case, RDaccess (SBS has ... All the computers in this OU should have the startup script applied ...
    (microsoft.public.windows.server.sbs)
  • Re: User Management
    ... you - and your manager - and install it in one fell swoop. ... ideas - but here's my list of minimal GPO settings. ... for Remote Desktop access, too - in this case, RDaccess (SBS has ... All the computers in this OU should have the startup script applied ...
    (microsoft.public.windows.server.sbs)
  • Re: Connect to my computer at work
    ... I was planning on doing more with GPO but ... Itan Barmes ... Add the user to the local workstation's Remote Desktop users ... as a startup script. ...
    (microsoft.public.windows.server.sbs)
  • Re: Connect to my computer at work
    ... Itan Barmes ... Add the user to the local workstation's Remote Desktop users ... net localgroup power users DOMAIN\localpoweruser /add ... All the computers in this OU should have the startup script applied when ...
    (microsoft.public.windows.server.sbs)
  • Re: Remote Desktop in Firewall Group Policy
    ... I would check the config at the desktop to ensure they are getting the GPO. ... acquired the correct settings for port/service/scope for the RDP service. ... >> Enabling a hole in the firewall for RDP does not necessarily turn the ... >> is where Remote Assistance is enabled and Remote Desktop is disabled. ...
    (microsoft.public.windows.group_policy)