Re: Remote Desktop Users Group Lacks Rights

Yes, I agree with Andrew, that's most likely the user right you
must give to all users.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
*----------- Please reply in newsgroup -------------*

Richard Thompson
<RichardThompson@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote on 14 sep 2006:

Hi Andrew,

I believe that the way you will do this will be to edit the
Domain Controller Security Policy to allow log on locally to the
user group you want to be able to log on.

Remember that by editing this you are weakening ALL of your
domain controllers and as Vera said it is not best practice to
do this.

Kind Regards
Richard


"Andrew Bernstein" wrote:

Thank you Vera, you have answered my queries many times and
always on target.
I understand what you are saying but we must implement it for
a few users.
I found this article
http://www.chicagotech.net/RemoteAccess/ts15.htm which says
exactly what you said but also suggests ways to open it up
without giving out rights to all folders. What would be the
best way of the 5 listed on that page to allow only their
default rights.

"Vera Noest [MVP]" wrote:

The problem lies in the fact that this server is a Domain
Controller.
It is *not* recommended, for both performance and security
reasons, to install Terminal Services on a DC. What you in
effect are doing is to turn the DC into a multi-user
workstation!

_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

Andrew Bernstein
<AndrewBernstein@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote on 14 sep
2006 in microsoft.public.windows.terminal_services:

I was called in to set up a new user on a server running
Windows 2003 Server SP1. The server is a domain controller
also. I set up the user and was told they needed to be able
to access the server remotely, so I added the user to the
REMOTE DESKTOP USERS group (RDU) but got the following
error when connecting as the user:

"To log onto this remote computer you must be granted the
allow logon through terminal services right. By default,
members of the RDU group have this right. If you are not a
member of the RDU group, or another group that has this
right, or if the RDU does not have this right, you must be
granted this right manually"

I called the consultant who set up the server and his reply
was to add the user to the administrators group to solve the
problem. This did but it seems to be too many rights to
grant to the average user.

Is there someplace I can check or what do I need to set so
that a regular user once added to the RDU can access the
server through remote desktop client and terminal
services.

I looked at the properties for the RDU group (esp security
tab) but am not sure what needs to be changed to allow it
to work properly.
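
The error quoted in this thread names the "allow logon through terminal services" user right, and the replies mention "log on locally". As an added example (not posted by anyone in the thread), this script reads the output of `secedit /export /areas USER_RIGHTS /cfg rights.inf` and reports which accounts hold each right and whether Remote Desktop Users is among them. The INF sample is constructed; `SeRemoteInteractiveLogonRight` and `SeInteractiveLogonRight` are the Windows constants for those two rights.

```python
# Added example: audit logon rights in a `secedit /export` USER_RIGHTS file.
# Real exports are UTF-16: open(path, encoding="utf-16").read()
WELL_KNOWN = {  # well-known builtin group SIDs
    "S-1-5-32-544": "BUILTIN\\Administrators",
    "S-1-5-32-549": "BUILTIN\\Server Operators",
    "S-1-5-32-551": "BUILTIN\\Backup Operators",
    "S-1-5-32-555": "BUILTIN\\Remote Desktop Users",
}
RDU_SID = "S-1-5-32-555"
RIGHTS = {
    "SeRemoteInteractiveLogonRight": "Allow log on through Terminal Services",
    "SeInteractiveLogonRight": "Allow log on locally",
}

# Constructed sample, not taken from the server in the thread.
SAMPLE_INF = """[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-549,*S-1-5-32-551
SeRemoteInteractiveLogonRight = *S-1-5-32-544
[Version]
signature="$CHICAGO$"
"""

def parse_privilege_rights(inf_text):
    """Return {right constant: [SID or account name, ...]}."""
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Privilege Rights" and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip()] = [h.strip().lstrip("*")
                                    for h in value.split(",") if h.strip()]
    return rights

def audit_logon_rights(inf_text):
    """Report holders of both logon rights and whether RDU is among them."""
    rights = parse_privilege_rights(inf_text)
    return {label: {"holders": [WELL_KNOWN.get(h, h) for h in rights.get(const, [])],
                    "rdu_has_right": RDU_SID in rights.get(const, [])}
            for const, label in RIGHTS.items()}

if __name__ == "__main__":
    for label, info in audit_logon_rights(SAMPLE_INF).items():
        print(f"{label}: {info['holders']} (Remote Desktop Users: {info['rdu_has_right']})")
```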