Re: Non Administrative Console Access

Pete,
Adding users to Remote Desktop Users Group only allows those users to connect to RDP-Tcp connections (or winstation). By default, only Administrators can connect to console session remotely (with the /console switch).
If you're running Win2k3 server and above, you can use our TS WMI provider to change the default setting. The simpler way is to use WMIC.
To allow a non-admin user to connect to console session remotely, please try running the following in a cmd shell with Administrators user account:

WMIC RDPermissions Where "TerminalName='Console'" Call AddAccount "domain\UserName", 2

If you want to restore to default setting:

WMIC RDPermissions where "TerminalName='console'" call RestoreDefaults

Here's more info on Win32_TSPermissionsSetting class template:
http://msdn2.microsoft.com/en-us/library/aa383815.aspx

Here's more info about how to use wmi in general:
http://blogs.msdn.com/ts/archive/2006/10/03/Terminal-Services-_2800_TS_2900_-Remote-Configuration-Primer-Part-1.aspx


Thanks
Soo Kuan


--
This posting is provided "AS IS" with no warranties, and confers no rights.

"PeteB" <PeteB@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:2F49806C-6627-48AD-A0BB-8869CF5D83BF@xxxxxxxxxxxxxxxx
Hi,

Error message is:

"To log on to this remote session, you must have administrative permissions
to this computer"

This only appears when trying to access the server via TS Console session,
there is no Event written to the error log when this occurs.

rgds

Pete

No-one else is logged onto the console at the time

"Patrick Rouse" wrote:

What error does the end user see, and what is written to the event log when
this user's console logon is denied? Is there another user logged onto the
console session?



--
Patrick C. Rouse
Microsoft MVP - Terminal Server
Provision Networks VIP
Citrix Technology Professional
President - Session Computing Solutions, LLC
http://www.sessioncomputing.com



"PeteB" wrote:

> Hi Josh
>
> User account is in the Remote Desktop users group, and can logon to a > normal
> TS sesson without the /console switch. The account can also logon > directly
> to the physical console
>
> rgds
>
> Pete
>
> "Josh Rosenberg [MSFT]" wrote:
>
> > Just to be sure, you have added the user account in question to the > > Remote
> > Desktop users group on all of the servers, right? And you are able > > to logon
> > normally, without the /console switch? If you can't logon with or > > without
> > the /console switch, you probably forgot to add the user account to > > the
> > Remote Desktop users group.
> >
> > Logging in to the console does not require administrative privilege, > > but you
> > need either Administrative or Remote Desktop User privileges for RD > > in
> > general.
> >
> > -- > > Josh Rosenberg [MSFT]
> > SDE - Terminal Services
> >
> >
> > "PeteB" <PeteB@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > news:B2C632B0-B6C0-43A3-95E8-C6A059E1D566@xxxxxxxxxxxxxxxx
> > > Hi,
> > > I have an application which will not run as a service, and needs to > > > be
> > > started from the console.
> > > I have created a non admin user for this purpose, and am able to > > > RDP to a
> > > console session on 3 servers, and start the application process's.
> > > On a fourth server I cannot logon to the console via RDP unless the > > > user
> > > is
> > > made a member of the Local Administrators group. The user can > > > access the
> > > console directly, but not via an RDP session as a non administrator
> > > Any ideas on what the difference could be between the servers?
> > > Cheers
> > > Pete
> > >
> >

.

Relevant Pages

  • Re: help- problem with MMC and devmgmt
    ... so the system32, Windows, and wbem are the first three in ... >> save a new console, or any event log messages when you ... >>> I could not find Deny of Full Control for the Administrators to try ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Remote Desktop Shadowing for Non-Adminsitrators
    ... Other option you have is to use Remote Assistance except it require someone ... on the console to accept the invite. ... >> To be able to logon to the console session you need the "logon locally"> right, which can be given in the local security policy or via GPO. ... >> I have setup TCP-RDP permissions to allow members of a domain group> Full ...
    (microsoft.public.windows.terminal_services)
  • RE: Server 2003 console issue
    ... Server 2003 Standard. ... can see the Administrator logged on to the console session. ... The ONLY way that I have been able to restore the console session is to ... Furthermore the first admin will no ...
    (microsoft.public.windows.server.general)
  • Re: Log off or Lock file server console
    ... If there are more administrators in the house for that server then you ... The difference is that when you lock the console your profile and all your ... If you logoff your profile is ...
    (microsoft.public.win2000.security)
  • Re: New TSClient to W2k3 AD Server
    ... Sounds like you are trying to connect to the console session, ... should see your existing console connection + the current ... from install of new microsoft RDP client (From Windows Update, ...
    (microsoft.public.windows.terminal_services)
Loading