Hello Experts,
I have an unusual situation occurring when I am logging on a user over Remote Desktop.
I am not sure if anything can be done to solve the issue, but perhaps someone could explain why this is happening?
I apologise for the detailed explanation below but I hope it helps to clarify what is happening!!
The current network setup is as follows:
There is a 2003 Small Business Server Premium Edition on domain.local.
This server also has MS Virtual Server 2005 installed and I have a Guest 2003 Server Standard edition installed on the Virtual Server, also joined to domain.local as a member server.
I have a user who is currently logging onto the domain successfully as 'username'.
I am setting up this same user to access the guest server over remote desktop, logging on as 'username_remote'.
Username_remote has a roaming profile located in a network share \\sbsserver\user_profiles$\username_remote and folder redirection to \\sbsserver\user_folders$\username_remote.
The roaming profile is configured in the User Properties\Profile\Profile path as \\sbsserver\user_profiles$\username_remote.
The folder redirection is applied to a Folder Redirection Group using a Group Policy called Folder Redirection Policy under User Configuration\Windows Settings\Folder Redirection\ for Application data, Desktop, MyDocuments and Start Menu, all pointing to \\sbsserver\user_profiles$\username_remote.
The user is then made a member of the Folder Redirection Group.
I have also created a Group Policy called Remote Access Policy which is applied to a Group called Remote Access Group.
This policy configures many aspects of the username_remote workspace when logged in as username_remote.
Username_remote is a member of this group.
The outcome I desired when username_remote logged on was that user would log on and the GPOs be applied and set the workspace accordingly.
This is in fact what happens, to start with, before I start configuring programs, in particular MS Outlook.
However, things change when I have configured the MS Outlook client to connect to the SBS Exchange Server.
Because I wish user and username_remote to access the same mailbox, I configure Outlook in the remote profile to access the username mailbox.
This is not a problem in itself and works fine, up to a point.
When username_remote logs on and opens Outlook he is prompted for a username and password, which are username and username's password.
The problem starts when username_remote ticks the option to 'Save the password'.
Now when username_remote finishes his session, logs off and then logs on again, the profile has changed.
Outlook now opens without prompting for credentials for username.
I could see that now the Remote Access Policy did not appear to be applied, giving username_remote a different profile and workspace.
I spent ages trying to figure out what was going wrong.
I checked the Group Policy Results in GP Management and sure enough the Remote Access Policy was NOT being applied.
I deleted and recreated the user account, created additional user accounts applying the same procedure, and every time I configured MS Outlook the profile would change.
I then looked at what was happening in the Event Viewer of the Guest Server.
The Security Events showed where the problem was:
When username_remote logged on, BEFORE MS OUTLOOK IS CONFIGURED, the following events occurred:
Event ID: 528,
Type: Success A,
Successful Logon,
User Name: username_remote
Now AFTER MS OUTLOOK HAS BEEN CONFIGURED, the following events occurred at logon:
Event ID: 528,
Type: Success A,
Successful Logon,
User Name: username_remote
Event ID:552,
Type: Success A,
Logon attempt using explicit credentials:
Logged on user: User Name: username_remote
User whose credentials were used:
Target User Name: username
So, what I deduce from this is, username_remote is logging on to the Domain Controller, then username is logging onto the Exchange Server before the Remote Access Group Policy is being applied.
After all that, I suppose my questions are:
1. Does this make sense?!!!
2. Is this how it should work?
3. Is it possible to keep the mailbox the same for these two different users and make this work, without the danger of the profile getting changed?
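
An added example, not part of the original post: a Python check over Security log text in the layout quoted above, reporting each event 552 in which an account that logged on with event 528 used a different account's credentials. The sample text is constructed from the events in the post, and the function and variable names are illustrative.

```python
import re

# Constructed sample, laid out like the Security log excerpts in the post.
SAMPLE = """\
Event ID: 528,
Type: Success A,
Successful Logon,
User Name: username_remote
Event ID:552,
Type: Success A,
Logon attempt using explicit credentials:
Logged on user: User Name: username_remote
User whose credentials were used:
Target User Name: username
"""

EVENT_START = re.compile(r"^Event ID:\s*(\d+)")
TARGET = re.compile(r"^Target User Name:\s*([^\s,]+)")
USER = re.compile(r"User Name:\s*([^\s,]+)")


def parse_events(text):
    """Turn the excerpt into dicts with the event id, user and target user."""
    events = []
    for line in (raw.strip() for raw in text.splitlines()):
        start = EVENT_START.match(line)
        if start:
            events.append({"id": int(start.group(1)), "user": None, "target": None})
        elif events and TARGET.match(line):
            events[-1]["target"] = TARGET.match(line).group(1)
        elif events and USER.search(line) and events[-1]["user"] is None:
            events[-1]["user"] = USER.search(line).group(1)
    return events


def explicit_credential_use(events):
    """Pairs (logged-on user, target user) for each 552 that follows a 528
    for the same account and names a different account as the target."""
    logged_on, findings = set(), []
    for ev in events:
        if ev["id"] == 528 and ev["user"]:
            logged_on.add(ev["user"].lower())
        elif ev["id"] == 552 and ev["user"] and ev["target"]:
            user, target = ev["user"].lower(), ev["target"].lower()
            if user in logged_on and user != target:
                findings.append((ev["user"], ev["target"]))
    return findings
```

Calling `explicit_credential_use(parse_events(SAMPLE))` on the constructed sample returns the single pair of the remote account and the mailbox account.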