• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 133
  • Last Modified:

Terminal Server

Hello;

At our sight we have TS running. Clients cannot only log onto the TS is they are a member of the Admin group. Otherwise they get a message saying that the local policy osf this system doesnt allow you to log on interactively.
I have verified that the Domain users and the Everyone group has permission to log on locally and to access from the network. Also verified that they are not a member of any group that cannot. I cannot see what else it could be?

Thanks

Lee
0
Brazilee
Asked:
Brazilee
  • 5
  • 5
  • 2
  • +1
1 Solution
 
HousenetCommented:
Lee the domain policy is where you have to allow this.
-I persomally would create a group called TSUsers .. Edit the domain policy & allow TSUsers to logon locally.
-Add the users you want to TSUsers group..
-Then in RDP-TCP properties permissions.. Add TSUsers with user or guest access.
0
 
HousenetCommented:
p.s unless you issue a secedit /refreshpolicy /machine_policy .you will not notice the effective setting for several minutes.
0
 
BrazileeAuthor Commented:
I did as you suggested but am still getting the same message?
0
Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

 
BrazileeAuthor Commented:
I did as you suggested but am still getting the same message?
0
 
HousenetCommented:
Brazilee set it in domain controller policy as well
0
 
AvonWyssCommented:
In the Administrative Tools, open the Terminal Services Configuration. Go to Connections, and open the properties of "RDP-Tcp". Go to "Permissions" tab, and set up the users/groups which should be allowed access.
0
 
geoffrynCommented:
Do you have the Terminal Services installed in Remote Admin mode or Application Mode?  In Remote Admin, only members of the administrators group are allowed to connect.  You may need to change the mode and license in application mode.
0
 
AvonWyssCommented:
geoffryn, while it is true that the default is only Admins can connect in Admin mode, the setting I described can still be used to allow other groups access to TS in any mode. Of course, this doesn't change the 2-user limit which is imposed by the admin mode.
0
 
BrazileeAuthor Commented:
It is running in Application mode. I gave the appropiate permissions in the TS Config. As far as setting it on the Domain controller. I set it for Local and Domain policies
0
 
HousenetCommented:
Brazilee , what about domain controller policy ?
-Are you saying it still denies you access ?
0
 
BrazileeAuthor Commented:
It is running in Application mode. I gave the appropiate permissions in the TS Config. As far as setting it on the Domain controller. I set it for Local and Domain policies
0
 
HousenetCommented:
Brazilee .... There is ... Domain security policy... Domain controller security policy, & local security Policy in administrative tools...  
-Im not asking you if you set the domain policy on the domain controller.... Im asking .. Did you set the logon locally right in the "domain controller security policy"....

0
 
BrazileeAuthor Commented:
That was it-Thanks Housenet
0

Featured Post

[Webinar] Kill tickets & tabs using PowerShell

Are you tired of cycling through the same browser tabs everyday to close the same repetitive tickets? In this webinar JumpCloud will show how you can leverage RESTful APIs to build your own PowerShell modules to kill tickets & tabs using the PowerShell command Invoke-RestMethod.

  • 5
  • 5
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now