[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 132
  • Last Modified:

Terminal Server

Hello;

At our sight we have TS running. Clients cannot only log onto the TS is they are a member of the Admin group. Otherwise they get a message saying that the local policy osf this system doesnt allow you to log on interactively.
I have verified that the Domain users and the Everyone group has permission to log on locally and to access from the network. Also verified that they are not a member of any group that cannot. I cannot see what else it could be?

Thanks

Lee
0
Brazilee
Asked:
Brazilee
  • 5
  • 5
  • 2
  • +1
1 Solution
 
HousenetCommented:
Lee the domain policy is where you have to allow this.
-I persomally would create a group called TSUsers .. Edit the domain policy & allow TSUsers to logon locally.
-Add the users you want to TSUsers group..
-Then in RDP-TCP properties permissions.. Add TSUsers with user or guest access.
0
 
HousenetCommented:
p.s unless you issue a secedit /refreshpolicy /machine_policy .you will not notice the effective setting for several minutes.
0
 
BrazileeAuthor Commented:
I did as you suggested but am still getting the same message?
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
BrazileeAuthor Commented:
I did as you suggested but am still getting the same message?
0
 
HousenetCommented:
Brazilee set it in domain controller policy as well
0
 
AvonWyssCommented:
In the Administrative Tools, open the Terminal Services Configuration. Go to Connections, and open the properties of "RDP-Tcp". Go to "Permissions" tab, and set up the users/groups which should be allowed access.
0
 
geoffrynCommented:
Do you have the Terminal Services installed in Remote Admin mode or Application Mode?  In Remote Admin, only members of the administrators group are allowed to connect.  You may need to change the mode and license in application mode.
0
 
AvonWyssCommented:
geoffryn, while it is true that the default is only Admins can connect in Admin mode, the setting I described can still be used to allow other groups access to TS in any mode. Of course, this doesn't change the 2-user limit which is imposed by the admin mode.
0
 
BrazileeAuthor Commented:
It is running in Application mode. I gave the appropiate permissions in the TS Config. As far as setting it on the Domain controller. I set it for Local and Domain policies
0
 
HousenetCommented:
Brazilee , what about domain controller policy ?
-Are you saying it still denies you access ?
0
 
BrazileeAuthor Commented:
It is running in Application mode. I gave the appropiate permissions in the TS Config. As far as setting it on the Domain controller. I set it for Local and Domain policies
0
 
HousenetCommented:
Brazilee .... There is ... Domain security policy... Domain controller security policy, & local security Policy in administrative tools...  
-Im not asking you if you set the domain policy on the domain controller.... Im asking .. Did you set the logon locally right in the "domain controller security policy"....

0
 
BrazileeAuthor Commented:
That was it-Thanks Housenet
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 5
  • 5
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now