Terminal Services clients permissions
Okay, I have terminal services running on a W2k3 member server on my network. I finally got the clients to connect okay, but I had to put their group they belong to in the local administrators group to get it to work. When the clients logon to the TS session, they get the "configure your server" window, which tells me they have way too high of permissions. I cannot get it to work any other way though. I just want the TS clients to be able to run an application on the W2k3 member server through terminal services without giving them administrator privileges. Is this possible? And if so, can you give me a hint or two?
Thanks,
Cheese
Thanks,
Cheese
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The administrators group is automatically a member of the remote desktop users group which is why they can connect by default.
ASKER
I had initially put them into the remote desktop user group to no avail?
Interesting. Do you have a licensing server set up? I'm running three 2003 TS devices and the remote desktop users group is definately where non administrative users need to be placed for connectivity. What is the particular error that comes up when they try to log in without being in the admin group?
ASKER
The W2k3 Server is the only W2k3 device on my network, so it is the license server also. My network is W2k otherwise. It has been a couple of weeks since I have done this, so I think the message was something like, Access denied, you do not have privileges to access this server. It was something like that. It was not the denial of local logon, it was something referencing permissions or privileges.
I've done a little testing and the default message of a user that can't log into the server is "The local policy of this system does not allow you to log on interactively". At this point I would suggest the following:
1 Create a dummy account with no priveleges on the server and try to log in. Document the results in this forum
2 Add the dummy account to the remote desktop users group and see if you get a different error message. Again please post the results here
This will give us a clear picture of where the breakdown is occuring.
1 Create a dummy account with no priveleges on the server and try to log in. Document the results in this forum
2 Add the dummy account to the remote desktop users group and see if you get a different error message. Again please post the results here
This will give us a clear picture of where the breakdown is occuring.
ASKER
I'm sorry I haven't had time recently to get back to this topic. I will submit a comment soon, when I have the time to fiddle with this some more. I greatly appreciate your patience.
Cheese
Cheese
ASKER
I'm back! I guess I'll restart with; If I put the users into the remote desktop users group, when they log on to the TS, do they log on locally or to the domain?
ASKER
I have also had some issues with my Citrix server as of late in regards to licensing. It appears to me that the licensing server has to be a DC. The TS server of issue here is not a DC. So, do I have to place the TS licenses on a DC and point the TS server to the license server?