Re: Had to add Administrator to Remote Desktop Users group to use

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

---

• From: Helge Klein <Helge.Klein@xxxxxxxxxxxxxx>
• Date: Tue, 12 Jun 2007 00:16:47 -0700

---

Login through terminal services is governed by security in two places:

- Permissions on the RDP listener
- Security option (mentioned by you): Allow/Deny through terminal
services

The group Remote Desktop Users is just a shortcut for configuring
those. You should check the settings that are in effect on your DC.

I hope this helps.

Helge

On 11 Jun., 21:29, bfessenden <bfessen...@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote:

Sorry - I forgot to specify that:

I get the standard "To logon to this remote computer, you must be granted
the Allow log on through Terminal Services right..." that you would get with
a regular user not in the RDU's group.

Bret

"Helge Klein" wrote:

What error message do you get when trying to TS into the DC and the
admin account used is _not_ a member of the Remote Desktop Users?

Helge

On 11 Jun., 19:08, bfessenden <bfessen...@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote:

Hi,

I just setup a new domain with one new domain controller running Windows
2003 R2 SP2. I have made no changes, aside from password policy to any GPO,
and I have added no new GPOs.

After connecting a existing terminal server as a member server to the new
domain, I could no longer RDC in with any administrator account to the
*domain controller*.

I did have to add Domain Users to the local Remote Desktop Users group on
the terminal server, and they can login to the terminal server fine. I can
also login as an administrator (either local or domain) to the terminal
server ok.

But I cannot login as an administrator to the DC, unless I add the
administrator to the Remote Desktop Users group on the DC.

I haven't been able to find any info about this, because all my searches
just end up being explanations about how to make a regular user a member of
Remote Desktop Users.

I also have not tried to implement any GPO's to "Allow login through
Terminal Services", etc., because I have never done that with any of my other
domain controllers, and I have always been able to login as an admin with no
problem (assuming the System Properties "Allow users to connect remotely" has
been checked on the DC).

Have I just mis-configured something, or is my brand new DC having a serious
issue? I wouldn't worry, except that Microsoft specifically says not to add
admins to the RDU's group.

Any help would be appreciated. Thanks.

Bret

.

---

• Follow-Ups:
  • Re: Had to add Administrator to Remote Desktop Users group to use
    • From: bfessenden

• References:
  • Re: Had to add Administrator to Remote Desktop Users group to use RDC.
    • From: Helge Klein

• Prev by Date: Re: incoming user IP address
• Next by Date: Re: unable to contact license service
• Previous by thread: Re: Had to add Administrator to Remote Desktop Users group to use RDC.
• Next by thread: Re: Had to add Administrator to Remote Desktop Users group to use
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Cannot Log Remotely Being a Remote User ... Double-click "Allow log on through Terminal Services" ... Remote Desktop Users if it is in the list and click the ... Well, I hope my users group permissions are well assigned, How ... I am in the way to setup a mirroring server and I ... (microsoft.public.windows.terminal_services) Re: TS Login Problem to challenge the brightest TS Gurus ... it is not very likely that group policy corruption on PDC has ... Policy settings that control access to Terminal Services. ... Check permissions on TS Connection object ... Make sure all users are in the LOCAL Remote Desktop Users group on the ... (microsoft.public.windows.terminal_services) Re: TS Login Problem to challenge the brightest TS Gurus ... The Terminal Services profile tab is apart of the domain account. ... MCSE, CCEA, Microsoft MVP - Terminal Server ... Check permissions on TS Connection object (aka ... Make sure all users are in the LOCAL Remote Desktop Users ... (microsoft.public.windows.terminal_services) Re: Had to add Administrator to Remote Desktop Users group to use ... If you set the user right "Allow logon through terminal services" to ... changed it back to "not defined", ran gpupdate, and removed the administrator ... from the remote desktop users group, and now I can login as any domain admin. ... the terminal server, and they can login to the terminal server fine. ... (microsoft.public.windows.terminal_services) Re: How to menage feew MS TS from one console.. ? ... the Terminal Services Manager offer the option to connect to as many computers as you like. ... You shouldn't even have to login to another computer to look at the connections to it. ... next I have to login to selected server and from Terminal Service Manager take control. ... Now I'd like to find user "ThomasD", and when I connect to Terminal Servicec Manager I see only Users from this server where I'm login, I don't see users from another server (Just I don't have access to two others servers from this console, only I have acces to user from current server where I'm login). ... (microsoft.public.windows.terminal_services)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.terminal_services  > 2007-06