javajo
"Access is denied" when trying to manage remote desktop
Good afternoon -
XP Pro SP2 on the desktops -
Using Active Directory Users and Computers 2003 to administer users and desktops
Does anyone have any idea why I sometimes get an Access is Denied error when trying to view a remote desktop using the Computer Management tool?
I have admin rights on our domain
XP SP2 firewall disabled on desktops
I am able to ping machine
Am able to connect to the remote registry on remote machine
Any ideas?
Any help is always appreciated -
Do the individual machines in question have Remote Desktop enabled? (Allow users to connect remotely to this computer) checked?
Hi Netman66
Just a question regarding point 5. If the stations are members of a domain and you are a member of an Admin group then that should be enough is it not?
Normally, yes. When a workstation joins a domain, by default the Domain Admins group gets added to the local Administrators group - however, it's not uncommon to see it removed by a savvy end user that has enough rights to be dangerous. Another thing that can cause the group to be removed is if you implemented Restricted Groups and neglected to include the DA group in the configuration - this would be evident if you purposely were setting them up since you would be aware of any immediate change for the worse.
Please see my answer in this post: http:Q_21316331.htm
That should resolve your problem.
Jeff @
TechSoEasy
ASKER
TechSoEasy -
Page not found for your link.
ASKER
Thanks TechsoEasy
Actually, I'm not using terminal services - I'm trying to connect to a remote desktop through the computer management add-in within the MMC.
Any ideas?
Thanks again!
You have to start the remote registry service if you want to connect remotely to a workstation
Do you have any routers inside your network topography? If so, port 3389 needs to be open.
Try this, just for kicks... Open computer management on one of the PCs, and go to Local Users and Groups. Expand Groups, and double-click the Remote Desktop Users group. Add your DOMAIN user name SPECIFICALLY (rather than being part of a group). Close & log off.
Then try to connect using those credentials... if you can connect then it's something like Netman66 described above... if you still cannot connect, face northward and repeat the following words, "Mercury is in Retrograde -- weird stuff happens".
We'll keep trying.
Jeff @
TechSoEasy
ASKER
Seems like Netman66's suggestion regarding duplicate reverse lookup zone entries was the solution.
I'm noticing many duplicate entries with only one entry containing the current correct IP address.
How do I clean this up aside from going in there and deleting all the old entries?
What will reloading it do?
Thanks again!
Scavenging might help; however, if the hostname is the same but with different IPs then Scavenging might still consider them current.
You can enable it and then right-click the zone and select Scavenge Now to force an immediate parse - if entries continue to exist, then the best advice is to delete the CONTENTS (note the emphasis) of the Reverse Lookup Zone and all your HOST records from the Forward Zone except the server records. Restart the Netlogon service on each server to reregister missing records.
The PCs will populate the zones on next boot.
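An added example, not part of the original thread: a read-only audit for the situation discussed above, where a reverse lookup zone holds several entries and only one carries the current IP address. It cross-checks PTR records against the forward zone's A records so the stale entries can be listed before anything is deleted; the "owner TYPE data" line format, host names and addresses are constructed for illustration and are not the output of any particular DNS tool.

```python
from collections import defaultdict
import ipaddress

# Constructed sample records (not from the thread): "owner TYPE data" per line.
FORWARD = """\
pc-017.corp.example. A 10.0.5.23
pc-042.corp.example. A 10.0.5.61
srv-dc1.corp.example. A 10.0.5.10
"""
REVERSE = """\
23.5.0.10.in-addr.arpa. PTR pc-017.corp.example.
61.5.0.10.in-addr.arpa. PTR pc-042.corp.example.
23.5.0.10.in-addr.arpa. PTR pc-042.corp.example.
88.5.0.10.in-addr.arpa. PTR pc-042.corp.example.
10.5.0.10.in-addr.arpa. PTR srv-dc1.corp.example.
"""

def parse(text, rtype):
    """Yield (owner, data) pairs of the given record type, lower-cased."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[1].upper() == rtype:
            yield parts[0].lower().rstrip("."), parts[2].lower().rstrip(".")

def ptr_owner_to_ip(owner):
    """Turn '23.5.0.10.in-addr.arpa' back into '10.0.5.23'."""
    octets = owner.rsplit(".in-addr.arpa", 1)[0].split(".")
    return str(ipaddress.IPv4Address(".".join(reversed(octets))))

def audit(forward_text, reverse_text):
    """Return (stale PTRs, IPs claimed by more than one host name)."""
    current = dict(parse(forward_text, "A"))  # host -> IP in the forward zone
    by_ip = defaultdict(set)
    stale = []
    for owner, host in parse(reverse_text, "PTR"):
        ip = ptr_owner_to_ip(owner)
        by_ip[ip].add(host)
        if current.get(host) != ip:  # PTR disagrees with the host's A record
            stale.append((ip, host))
    conflicts = {ip: sorted(h) for ip, h in by_ip.items() if len(h) > 1}
    return sorted(stale), conflicts

if __name__ == "__main__":
    stale, conflicts = audit(FORWARD, REVERSE)
    for ip, host in stale:
        print(f"stale PTR: {ip} -> {host}")
    for ip, hosts in conflicts.items():
        print(f"{ip} resolves to several hosts: {', '.join(hosts)}")
```

An address that reverse-resolves to more than one host name is the case where an administrative tool can end up talking to a different machine than the one named.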
ASKER
Thanks guys for all your help -
Netman66 - I saw your response on scavenging - I awarded 50 points to joedoe58 being he was first to post the scavenging remark.
Thanks again to everyone for your help!!
No problem at all.
Glad to help.
ASKER
One last follow-up question -
Why in the heck do I have current host records that have record time stamps a few months old?
Don't all hosts re-register every 24 hours?
Wouldn't registering give a new time stamp?
Thanks again!
If I remember right you see the creation date. If you want to see the actual refresh time stamp you have to enable advanced view.
ASKER
Thanks joedoe58 -
I can't find that option -
When I right click a host record and click properties, I can only see the record time stamp.
I found an article some months ago that explained how to do it, but now I cannot find it again.