javajo

"Access is denied" when trying to manage remote desktop

Good afternoon -

XP Pro SP2 on the desktops -
Using Active Directory Users and Computers 2003 to administer users and desktops

Does anyone have any idea why I sometimes get an "Access is denied" error when trying to view a remote desktop using the Computer Management tool?

I have admin rights on our domain
XP SP2 firewall disabled on desktops
I am able to ping machine
Am able to connect to the remote registry on remote machine

Any ideas?

Any help is always appreciated -


Lazarus

Do the individual machines in question have Remote Desktop enabled? ("Allow users to connect remotely to this computer" checked?)
ASKER CERTIFIED SOLUTION
Netman66
joedoe58

Hi Netman66
Just a question regarding point 5. If the stations are members of a domain and you are a member of an Admin group then that should be enough, is it not?
Normally, yes.  When a workstation joins a domain, by default the Domain Admins group gets added to the local Administrators group - however, it's not uncommon to see it removed by a savvy end user that has enough rights to be dangerous.  Another thing that can cause the group to be removed is if you implemented Restricted Groups and neglected to include the DA group in the configuration - this would be evident if you purposely were setting them up since you would be aware of any immediate change for the worse.

Please see my answer in this post:  http:Q_21316331.htm

That should resolve your problem.

Jeff @
TechSoEasy
javajo

ASKER

TechSoEasy -

Page not found for your link.
javajo

ASKER

Thanks TechSoEasy

Actually, I'm not using terminal services - I'm trying to connect to a remote desktop through the computer management add-in within the MMC.

Any ideas?

Thanks again!


 
You have to start the remote registry service if you want to connect remotely to a workstation
Do you have any routers inside your network topography?  If so, port 3389 needs to be open.  

Try this, just for kicks... Open Computer Management on one of the PCs, and go to Local Users and Groups.  Expand Groups, and double-click the Remote Desktop Users group.  Add your DOMAIN user name SPECIFICALLY (rather than being part of a group).  Close & log off.

Then try to connect using those credentials... if you can connect then it's something like Netman66 described above... if you still cannot connect, face northward and repeat the following words, "Mercury is in Retrograde -- weird stuff happens".  

We'll keep trying.

Jeff @
TechSoEasy
javajo

ASKER

Seems like Netman66's suggestions regarding duplicate reverse lookup zone entries was the solution.

I'm noticing many duplicate entries with only one entry containing the current correct IP address.

How do I clean this up aside from going in there and deleting all the old entries?

What will reloading it do?

Thanks again!


Scavenging might help, however if the hostname is the same but with different IP's then Scavenging might still consider them current.

You can enable it and then right-click the zone and select Scavenge Now to force an immediate parse - if entries continue to exist, then the best advice is to delete the CONTENTS (note the emphasis) of the Reverse Lookup Zone and all your HOST records from the Forward Zone except the server records.  Restart the Netlogon service on each server to reregister missing records.

The PCs will populate the zones on next boot.
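
Before deleting zone contents, it helps to see which reverse entries are actually duplicated or stale. The following is an added example, not part of the original thread: it compares PTR records against A records and lists every address with more than one PTR and every PTR whose hostname no longer maps forward to that address. The record layout, hostnames and addresses are constructed assumptions, not the output of a specific export tool.

```python
"""Audit forward (A) and reverse (PTR) records for duplicate or stale PTR entries."""
from collections import defaultdict
import ipaddress

# Constructed sample data in a simplified "owner TYPE value" layout (an assumption,
# not the exact output of any DNS export tool). All names and addresses are made up.
SAMPLE_RECORDS = """
pc-014.corp.example.      A    10.0.5.23
pc-027.corp.example.      A    10.0.5.40
srv-dc1.corp.example.     A    10.0.5.2
23.5.0.10.in-addr.arpa.   PTR  pc-014.corp.example.
23.5.0.10.in-addr.arpa.   PTR  pc-027.corp.example.   ; old lease, never removed
40.5.0.10.in-addr.arpa.   PTR  pc-027.corp.example.
41.5.0.10.in-addr.arpa.   PTR  pc-014.corp.example.   ; address no longer in use
2.5.0.10.in-addr.arpa.    PTR  srv-dc1.corp.example.
"""

def ptr_owner_to_ip(owner):
    """Turn '23.5.0.10.in-addr.arpa.' into '10.0.5.23'."""
    labels = owner.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        raise ValueError(f"not an IPv4 PTR owner name: {owner!r}")
    return str(ipaddress.IPv4Address(".".join(reversed(labels[:4]))))

def parse_records(text):
    """Return (forward, reverse): hostname -> set of IPs, IP -> set of hostnames."""
    forward, reverse = defaultdict(set), defaultdict(set)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        owner, rtype, value = line.split()
        if rtype.upper() == "A":
            forward[owner.rstrip(".").lower()].add(str(ipaddress.IPv4Address(value)))
        elif rtype.upper() == "PTR":
            reverse[ptr_owner_to_ip(owner)].add(value.rstrip(".").lower())
    return forward, reverse

def audit(forward, reverse):
    """Return (duplicates, stale): IPs with several PTRs, and PTRs with no matching A."""
    duplicates = {ip: sorted(names) for ip, names in reverse.items() if len(names) > 1}
    stale = sorted((ip, name) for ip, names in reverse.items()
                   for name in names if ip not in forward.get(name, set()))
    return duplicates, stale

if __name__ == "__main__":
    dups, stale = audit(*parse_records(SAMPLE_RECORDS))
    for ip, names in dups.items():
        print(f"duplicate PTR: {ip} -> {', '.join(names)}")
    for ip, name in stale:
        print(f"stale PTR:     {ip} -> {name} (no A record for {name} at {ip})")
```
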

javajo

ASKER

Thanks guys for all your help -

Netman66 - I saw your response on scavenging - I awarded 50 points to joedoe58 being he was first to post the scavenging remark.

Thanks again to everyone for your help!!

No problem at all.

Glad to help.

javajo

ASKER

One last follow-up question -

Why in the heck do I have current host records that have record time stamps a few months old?

Don't all hosts re-register every 24 hours?

Wouldn't registering give a new time stamp?

Thanks again!
If I remember right you see the creation date. If you want to see the actual refresh time stamp you have to enable advanced view.
javajo

ASKER

Thanks joedoe58 -

I can't find that option -

When I right click a host record and click properties, I can only see the record time stamp.

I found an article some months ago that explained how to do it, but now I can not find it again