Re: Users can only login to one TS server

To see why my users couldn't login to the other servers I checked that they
were members of the remote login group in AD and that their AD profile didn't
have any ticks against them logging in remotely. I also checked that the
remote desktop user group was in the the rdp-tcp connection on the local
computer. What I didn't realise till coming here was that the desktop user
group on the server was local to that machine and not the AD group. So what I
did was add my users to the remote desktop group on the local machine and now
login works fine.

My question is why can't I just add my users in AD and see them show up on
any server running terminal services? Really what I want is a way to do this
so I'm not constatly adding removing users on individual servers.
Thanks a lot
Jared

"Vera Noest [MVP]" wrote:

What do you mean with "the local tcp group"?
And what do you set in AD?

The *only* thing you have to do is to make the users (or better: a
group to which the users belong) members of the local Remote
Desktop Users group on the TS.
Assuming a default installation, this will automatically give them
the "Logon through Terminal Services" right, as well as the proper
permissions on the rdp-tcp connection.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

=?Utf-8?B?SmFyZWQ=?= <Jared@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote on 17
okt 2007 in microsoft.public.windows.terminal_services:

It turned out I was checking the local tcp group but I didn't
know I needed to add the user to the local desktop users as
well. Why do I set this in AD if I still need to add them to the
local computer. Is there a way to automate this when they are
added to the remote desktop group?

"Vera Noest [MVP]" wrote:

If you don't know if your server is a Domain Controller, it
probably (hopefully :-) isn't.
You can check it by running Start - Administrative tools -
Active Directory Users and Computers. Find your server's
computer account, it's probably either in the OU "Domain
Controllers" or in the OU "Computers". Right-click the computer
account - Properties. On the General tab, there's a box named
"Role". This lists it either as a "Domain Controller", or a
"Workststation or Server."

To check membership of the local Remote Desktop User group:
Start - Administrative tools - Computer Management - Local
users and Groups - Groups - Remote Desktop Users.
_________________________________________________________
Vera Noest MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

=?Utf-8?B?SmFyZWQ=?= <Jared@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote on
17 okt 2007 in microsoft.public.windows.terminal_services:

I thought yes to both but how can I confirm?
Thanks


"Vera Noest [MVP]" wrote:

Are all servers member servers in a domain?
Are the users members of the local built-in Remote Desktop
Users group on each server?
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

=?Utf-8?B?SmFyZWQ=?= <Jared@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote
on 17 okt 2007 in
microsoft.public.windows.terminal_services:

Hi,
We have 3 terminal servers running windows 2003 SP2 R2.
One is working correctly. When the same user tries to
access another server they get this error: "you must be
granted the Allow logon through terminal services right.
Members of the remote desktop users have this right." I
don't know if it makes a difference but the one working
server ix x64 and the other 2 aren't. I tried changing the
group policy to allow logon through terminal services but
this didn't help. Any other suggestions? Thanks

.

Relevant Pages

  • Re: Cannot connect to remote server
    ... That IP address does not resolve to any server that I ... However, if I put it into Remote Desktop, it does try to connect ... When to try to establish the remote desktop session, ... I have a feeling that you were using RDP 5.1 with Windows XP SP2. ...
    (microsoft.public.windows.server.sbs)
  • Re: Users can only login to one TS server
    ... I also checked that the remote desktop user group was in the the rdp-tcp connection on the local computer. ... What I didn't realise till coming here was that the desktop user group on the server was local to that machine and not the AD group. ... The *only* thing you have to do is to make the users members of the local Remote Desktop Users group on the TS. ...
    (microsoft.public.windows.terminal_services)
  • RE: Remote Desktop Connection does not work
    ... returned to the local desktop screen that I initiated the remote connection ... connected remote desktop session. ... >>I have just recently setup a new server using SBS 2003. ...
    (microsoft.public.windows.server.sbs)
  • Re: Remote Connected on VPN - NOW what?
    ... I am able to connect to our server and login as the administrator. ... "Connectivity to the remote computer could not be established. ... I think my PIX firewall is blocking access using RWW. ... the "connect to my computer at work" Remote Desktop option. ...
    (microsoft.public.windows.server.sbs)
  • Remote Desktop Shadowing for Non-Adminsitrators
    ... Does anyone know a way to grant console shadowing through Remote Desktop to ... I have setup TCP-RDP permissions to allow members of a domain group Full ... Control of the Remote Desktop session, but these users cannot connect to the ... How to Connect to and Shadow the Console Session with Windows Server 2003 ...
    (microsoft.public.windows.terminal_services)
Quantcast