Re: Can not log into my terminal server - logon error



Mmm, that shouldn't be necessary. The Remote Desktop Users group
has by default "User" permissions on the rdp-tcp connection. That's
why it should be enough to make your users members of this group.

But if the Remote Desktop Users group didn't have permissions on
the rdp-tcp connection for one reason or the other, that would
explain your problem.

Anyway, I'm glad you got it solved.

Note that the recommended way to lock down your TS is to link a
restrictive GPO to the OU that contains the TS computer account,
*not* the user accounts, and use loopback processing of the GPO.
This way, you avoid locking down users when they log in to their
normal workstation, which will happen if you link the restrictive
GPO to the user account OU.

260370 - How to Apply Group Policy Objects to Terminal Services
Servers
http://support.microsoft.com/?kbid=260370

231287 - Loopback Processing of Group Policy
http://support.microsoft.com/?kbid=231287
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

Phil Buzzette
<PhilBuzzette@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote on 02 jun 2006 in
microsoft.public.windows.terminal_services:

I am pretty sure I figured it out. I had to give them access to
the connection through the terminal services configuration. I
had them as members of the group on the local machine and it
still didn't work.

I have an OU created with specific log on usernames
that have a set GPO.

I mean that I have a domain controller that, through active
directory, I created an OU for the Terminal Service Users. I
created a GPO for the users as a "lockdown" method.

"Vera Noest [MVP]" wrote:

Then you probably are not connecting to the console session
after all.

A console session (which is only available to Administrators),
is started by typing "mstsc /console" at a command prompt.

If you just type "mstsc", or you use the Remote Desktop Client,
then you are *not* connecting to the console session.

As the error message says, your users must be members of the
local built-in group "Remote Desktop Users" on your Terminal
Server. Can you confirm that this is the case?
And what exactly do you mean with:

I have an OU created with specific log on usernames
that have a set GPO.

_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
*----------- Please reply in newsgroup -------------*

Phil Buzzette
<PhilBuzzette@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote on 02 jun 2006:

I am not familiar with how to remove the console option.

"Jeff Pitsch" wrote:

Simply remove the console option.

Jeff Pitsch
Microsoft MVP - Terminal Server

Forums not enough?
Get support from the experts at your business
http://jeffpitschconsulting.com

"Phil Buzzette" <PhilBuzzette@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:BE0FF4FC-D89F-4998-8460-CBFD444611AB@xxxxxxxxxxxxxxxx
Not to be ignorant, but how do I go about correcting this?
I don't need administrators to connect. The normal users
simply need to log in to run a simple time clock
application.

"Jeff Pitsch" wrote:

The console session only allows administrators to
connect. The console session is not to be used by normal
users and is not controlled by TS in application mode.

Jeff Pitsch
Microsoft MVP - Terminal Server

Forums not enough?
Get support from the experts at your business
http://jeffpitschconsulting.com

"Phil Buzzette" <PhilBuzzette@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:5108C880-5E85-42FB-B4EA-9DAC3798BDFD@xxxxxxxxxxxxxxxx
I am connecting to the console session and the server is
configured in application mode.

"Jeff Pitsch" wrote:

Are you connecting to the console session? Go to Run
and type mstsc.exe then hit enter, then try to connect.
As well, make sure you have terminal services installed
in application mode (add/remove programs, windows
components).

Jeff Pitsch
Microsoft MVP - Terminal Server

Forums not enough?
Get support from the experts at your business
http://jeffpitschconsulting.com

"Phil Buzzette"
<PhilBuzzette@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:1846AB70-2CA4-4AC7-838C-764701030639@xxxxxxxxxxxxx
...
"To log on to this remote computer, you must be granted
the Allow log on through terminal services right. By
default, members of the Remote desktop users group have
this right. If you are not a member of the Remote Desktop
Users group or another group that has this right, or if
remote desktop user group does not have this right, you
must be granted this right manually."

I have my machine, my terminal server, and my server with
active directory. I have an OU created with specific log
on usernames that have a set GPO. When I open up rdp on my
local pc and remote into my terminal server, I get the
above error message. The user account that I am using is
not an admin, but is a domain user and a remote desktop
user. I am wondering what I might be missing. If I make
the user a domain admin, it works fine, but that will not
work in my situation. Any ideas or recommendations would
be greatly appreciated. Thank you in advance for those who
take the time to assist me.
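
An offline check for the user right named in the error message quoted above, as an added example that is not part of the original thread: it parses a `secedit /export /areas USER_RIGHTS` file and reports whether "Allow log on through Terminal Services" (SeRemoteInteractiveLogonRight) reaches the user. The sample policy and the user SIDs are constructed, and the rdp-tcp connection permissions discussed in the thread are a separate setting that this does not read.

```python
# Added example. secedit writes its export as UTF-16, so read a real file
# with open(path, encoding="utf-16").read() before passing it in.
RDU_SID = "S-1-5-32-555"                    # BUILTIN\Remote Desktop Users
ALLOW = "SeRemoteInteractiveLogonRight"     # Allow log on through Terminal Services
DENY = "SeDenyRemoteInteractiveLogonRight"  # Deny log on through Terminal Services

def parse_rights(inf_text):
    """Return {right: set(principals)} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
            continue
        if not in_section or "=" not in line or line.startswith(";"):
            continue
        name, _, value = line.partition("=")
        # SIDs are exported with a leading '*'; resolved names appear bare.
        rights[name.strip()] = {v.strip().lstrip("*")
                                for v in value.split(",") if v.strip()}
    return rights

def audit(inf_text, token_sids):
    """token_sids: the user's own SID plus the SIDs of every group it is in."""
    rights = parse_rights(inf_text)
    allow, deny = rights.get(ALLOW, set()), rights.get(DENY, set())
    token, findings = set(token_sids), []
    if RDU_SID not in allow:
        findings.append("Remote Desktop Users lacks the allow right")
    if not allow & token:
        findings.append("user holds the allow right through no group")
    if deny & token:
        findings.append("deny right matches the user and overrides allow")
    return findings

# Constructed sample: a policy has left the right with Administrators only.
SAMPLE = """[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544
SeRemoteInteractiveLogonRight = *S-1-5-32-544
[Version]
Revision=1
"""
# Constructed token: a domain user in Users (545) and Remote Desktop Users (555).
USER_SIDS = ["S-1-5-21-1111111111-2222222222-3333333333-1105",
             "S-1-5-32-545", "S-1-5-32-555"]

if __name__ == "__main__":
    for finding in audit(SAMPLE, USER_SIDS):
        print(finding)
```

An empty result means the user right is in order, which points the troubleshooting at the rdp-tcp connection permissions instead.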