Solved

Terminal Services clients permissions

Posted on 2004-10-28
257 Views
Last Modified: 2010-04-19
Okay, I have terminal services running on a W2k3 member server on my network.  I finally got the clients to connect okay, but I had to put their group they belong to in the local administrators group to get it to work.  When the clients logon to the TS session, they get the "configure your server" window, which tells me they have way too high of permissions.  I cannot get it to work any other way though.  I just want the TS clients to be able to run an application on the W2k3 member server through terminal services without giving them administrator privileges.  Is this possible?  And if so, can you give me a hint or two?

Thanks,
Cheese
0
Question by:cheesebugah
    9 Comments
     
    LVL 9

    Accepted Solution

    by:
    Take them out of the administrators group and put them into the remote desktop users group on the Terminal Server.  This is a change from 2000 terminal services.  
    0
     
    LVL 9

    Expert Comment

    by:SamuraiCrow
    The administrators group is automatically a member of the remote desktop users group which is why they can connect by default.
    0
     

    Author Comment

    by:cheesebugah
    I had initially put them into the remote desktop user group to no avail?
    0
     
    LVL 9

    Expert Comment

    by:SamuraiCrow
    Interesting.  Do you have a licensing server set up?  I'm running three 2003 TS devices and the remote desktop users group is definately where non administrative users need to be placed for connectivity.  What is the particular error that comes up when they try to log in without being in the admin group?
    0
     

    Author Comment

    by:cheesebugah
    The W2k3 Server is the only W2k3 device on my network, so it is the license server also.  My network is W2k otherwise.  It has been a couple of weeks since I have done this, so I think the message was something like, Access denied, you do not have privileges to access this server.  It was something like that.  It was not the denial of local logon, it was something referencing permissions or privileges.  
    0
     
    LVL 9

    Expert Comment

    by:SamuraiCrow
    I've done a little testing and the default message of a user that can't log into the server is "The local policy of this system does not allow you to log on interactively".  At this point I would suggest the following:

    1 Create a dummy account with no priveleges on the server and try to log in.  Document the results in this forum

    2 Add the dummy account to the remote desktop users group and see if you get a different error message.  Again please post the results here

    This will give us a clear picture of where the breakdown is occuring.
    0
     

    Author Comment

    by:cheesebugah
    I'm sorry I haven't had time recently to get back to this topic.  I will submit a comment soon, when I have the time to fiddle with this some more.  I greatly appreciate your patience.

    Cheese
    0
     

    Author Comment

    by:cheesebugah
    I'm back!  I guess I'll restart with;  If I put the users into the remote desktop users group, when they log on to the TS, do they log on locally or to the domain?
    0
     

    Author Comment

    by:cheesebugah
    I have also had some issues with my Citrix server as of late in regards to licensing.  It appears to me that the licensing server has to be a DC.  The TS server of issue here is not a DC.  So, do I have to place the TS licenses on a DC and point the TS server to the license server?
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    PRTG Network Monitor: Intuitive Network Monitoring

    Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

    Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
    So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
    This video Micro Tutorial is the first in a two-part series that shows how to create and use custom scanning profiles in Nuance's PaperPort 14.5 (http://www.experts-exchange.com/articles/17490/). But the ability to create custom scanning profiles al…
    This video discusses moving either the default database or any database to a new volume.

    846 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now