Re: User cannot RDP to 2k3 server
- From: "Jeff Pitsch" <jeff@xxxxxxxxxxxxxxxxx>
- Date: Wed, 4 Jan 2006 08:28:42 -0500
User rights are assigned in gpedit.msc or GPO. comptuer config/windows
settings/security settings/local settings/user rights assignment I would
also recommend picking up some books or training to learn more about windows
and especially termnal services.
Jeff Pitsch
http://www.sbcgatekeeper.com
Your Terminal Services Security Website
"redrobit" <redrobit@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A4FE303E-E171-47E4-B084-F40B5ECC03C0@xxxxxxxxxxxxxxxx
> It was originally saetup that way before my arrival due to the fact it is
> a
> small buisness with 2 servers. Not sure really where to go from here on
> this. I went into Computer managment to add the user locally on the
> server
> in question, however there is no "Local Users and Groups" node as MS
> indicates there should be on the servers I cannot access. Any idea why?
>
> "Jeff Pitsch" wrote:
>
>> Ok, that's not good. DC's and terminal services are really bad
>> combinations. Why allow your users to mess up your active directory?
>> really really bad idea
>>
>> So you don't have the remote desktop user group. that explains that.
>> You
>> need to manually assign the users/groups to the log on locally right and
>> the
>> log into terminal services rights (the 2nd one is something like that).
>>
>> Again, don't a make the terminal servers DC's. Really bad things happen.
>>
>> Jeff Pitsch
>> http://www.sbcgatekeeper.com
>> Your Terminal Services Security Website
>>
>> "redrobit" <redrobit@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:374E38BB-B74D-43D4-914A-8A767BEE4BCF@xxxxxxxxxxxxxxxx
>> > Actually 3 of the 4 servers are DC's, specifically the new servers.
>> > The
>> > two
>> > old servers she is able to access are a member server, and the TS
>> > license
>> > server. It is a DC. Its a very strange issue.
>> >
>> > "seth" wrote:
>> >
>> >> i don't quite see the connection there; seems to be coincidence that
>> >> the
>> >> clean install systems are the ones that aren't working
>> >>
>> >> since she is a member of the group in AD and the servers are not
>> >> DC's...then
>> >> there is your problem
>> >> she needs to be part of that group on the server itself; member
>> >> servers
>> >> have
>> >> their own user accounts and she needs to be part of that group on the
>> >> local
>> >> server
>> >> adding her to the remoted desktop users group in AD would only allow
>> >> her
>> >> to
>> >> connect to a terminal server running on a dc, which of course isn't
>> >> recommended
>> >>
>> >> "redrobit" <redrobit@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> >> news:B8EA0BF4-D92D-4E5B-8D3C-F662A91D1E12@xxxxxxxxxxxxxxxx
>> >> > In AD correct. On an additional note, the 2 servers she cannot
>> >> > connet
>> >> > to
>> >> > are
>> >> > clean 2k3 server installs. The 2 servers she can connect to are
>> >> > upgrades
>> >> > from server 2000.
>> >> >
>> >> > "seth" wrote:
>> >> >
>> >> >> she is a member of the remote desktop users group in AD or for that
>> >> >> server?
>> >> >> member servers have their own separate remote desktop users group
>> >> >>
>> >> >> "redrobit" <redrobit@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> >> >> news:AA2E4163-E9C2-4815-B732-8499722F0214@xxxxxxxxxxxxxxxx
>> >> >> > She is, and she can RDP to the two old servers, just not the two
>> >> >> > new
>> >> >> > ones.
>> >> >> > She gets the error message when attempting to log on tto the new
>> >> >> > servers
>> >> >> > only.
>> >> >> >
>> >> >> > "seth" wrote:
>> >> >> >
>> >> >> >> did you check the server and see if her account is part of the
>> >> >> >> remote
>> >> >> >> desktop users group?
>> >> >> >> if she isn't she won't be able to connect; unless you specify in
>> >> >> >> the
>> >> >> >> user
>> >> >> >> rights assignment that she specifically has the right to log on
>> >> >> >> through
>> >> >> >> terminal services
>> >> >> >> but easier just to make her part of that remote desktop users
>> >> >> >> group
>> >> >> >>
>> >> >> >> "redrobit" <redrobit@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> >> >> >> news:EA4821FC-AEFF-49FE-B89F-CFA75C7FB337@xxxxxxxxxxxxxxxx
>> >> >> >> > Hi All:) I have a 4 server enviroment now. Just added 2 new
>> >> >> >> > servers.
>> >> >> >> > I
>> >> >> >> > have a user that needs to RDP to one of the new servers. She
>> >> >> >> > cannot
>> >> >> >> > RDP
>> >> >> >> > to
>> >> >> >> > either of the new servers, but can to both of the old servers.
>> >> >> >> > When
>> >> >> >> > attempting to RDP to a new server she recives a message: To
>> >> >> >> > log
>> >> >> >> > on
>> >> >> >> > to
>> >> >> >> > this
>> >> >> >> > remote computer you must be granted the Allow Log on Through
>> >> >> >> > Terminal
>> >> >> >> > Services.......
>> >> >> >> >
>> >> >> >> > To the best of my knowlege she is in the appropriate groups,
>> >> >> >> > and
>> >> >> >> > as
>> >> >> >> > I
>> >> >> >> > said,
>> >> >> >> > can RDP to either of the old servers, but not the new ones.
>> >> >> >> > Any
>> >> >> >> > ideas
>> >> >> >> > and
>> >> >> >> > thoughts are greatly appreciated!!! FYI, Anyone with admin
>> >> >> >> > rights
>> >> >> >> > can
>> >> >> >> > RDP
>> >> >> >> > to
>> >> >> >> > the new servers.
>> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >>
>> >> >>
>> >> >>
>> >>
>> >>
>> >>
>>
>>
>>
.
- References:
- Re: User cannot RDP to 2k3 server
- From: seth
- Re: User cannot RDP to 2k3 server
- From: redrobit
- Re: User cannot RDP to 2k3 server
- From: Jeff Pitsch
- Re: User cannot RDP to 2k3 server
- From: redrobit
- Re: User cannot RDP to 2k3 server
- Prev by Date: Re: Network Printer redirection
- Next by Date: Re: Preinstallation Terminal Server Licensing
- Previous by thread: Re: User cannot RDP to 2k3 server
- Next by thread: RE: User cannot RDP to 2k3 server
- Index(es):
Relevant Pages
|
