markroe
asked on
Need admin rights to login ???
In order to run MSTC a user needs to to be a member of the local administrators group on the local machine.
User a/c are in the local remote desktop group.
I have put everyone to have the right log on locally. (just in case)
HOWEVER - When i take the users out of the local administrator group i get the following error message
"To log on to this remote console session you must have administration permission"
Why ???
How can i remove the admistartor rights and still allow USERS to use MSTC
thanks
User a/c are in the local remote desktop group.
I have put everyone to have the right log on locally. (just in case)
HOWEVER - When i take the users out of the local administrator group i get the following error message
"To log on to this remote console session you must have administration permission"
Why ???
How can i remove the admistartor rights and still allow USERS to use MSTC
thanks
MSTC is rather Remote Desktop Sharing .. To be able to allow also user to connect via Remote Desktop you need to give those user- usergroups permission to do so.
Right click "My Computer" -> "Properties" -> "Remote" -> "Select Remote Users"
This way also no-admins can join the PC.
Assigning no user the right to connect remote, only administrators are allowed to do so ...
Hope this helps
Right click "My Computer" -> "Properties" -> "Remote" -> "Select Remote Users"
This way also no-admins can join the PC.
Assigning no user the right to connect remote, only administrators are allowed to do so ...
Hope this helps
You might as well check the security settings
http://img212.imageshack.us/img212/990/untitled9mx1.jpg
http://img212.imageshack.us/img212/990/untitled9mx1.jpg
MSTSC = Microsoft Terminal Server Client
A user does not need Admin access to launch the terminal server client. If Terminal Services isn't installed on the server and you are running Remote Desktop to have them access the server then they will need Administrator access to get an interactive logon.
If you install Terminal Services on the server (Add/Remove Programs, Add/Remove Windows Componets) then the users just need to be a member of the "Remote Desktop Users" local group on the server.
Hope this helps!
A user does not need Admin access to launch the terminal server client. If Terminal Services isn't installed on the server and you are running Remote Desktop to have them access the server then they will need Administrator access to get an interactive logon.
If you install Terminal Services on the server (Add/Remove Programs, Add/Remove Windows Componets) then the users just need to be a member of the "Remote Desktop Users" local group on the server.
Hope this helps!
ASKER
The users are in "My Computer" -> "Properties" -> "Remote" -> "Select Remote Users"
Terminal services is installed on the server.
Still have issue of users needing to be in the local admins group to use Microsoft Terminal Server Client
Any ideas ?
Terminal services is installed on the server.
Still have issue of users needing to be in the local admins group to use Microsoft Terminal Server Client
Any ideas ?
Hi,
Can you answer my question to you at the top please? Are you using SBS (Small Business Server)?
If you are, then non-administrator group users will never be allowed to log on.
Can you answer my question to you at the top please? Are you using SBS (Small Business Server)?
If you are, then non-administrator group users will never be allowed to log on.
ASKER
No i am running windows 2003 sp1
Ok,
So if you're running vanilla 2003, the things to check for are:
Is the server running terminal Services in Application Server mode?
If it is not, the same as the SBS applies, i.e. You're running it in remote administration mode and therefore your users have to be a member of the Administrators group.
If it is in Application Server mode then you need a Terminal Server Licence Server installed on that box, or some other box on the network. This is needed to allow users to log into a RDC Session, however I suspect you haven't got a Licence Server installed as the error message then mentions no such server is available to process your request.
Can you confirm the above please?
So if you're running vanilla 2003, the things to check for are:
Is the server running terminal Services in Application Server mode?
If it is not, the same as the SBS applies, i.e. You're running it in remote administration mode and therefore your users have to be a member of the Administrators group.
If it is in Application Server mode then you need a Terminal Server Licence Server installed on that box, or some other box on the network. This is needed to allow users to log into a RDC Session, however I suspect you haven't got a Licence Server installed as the error message then mentions no such server is available to process your request.
Can you confirm the above please?
It appears to me that you are running in remote admistration mode which will not allow non-administrators to log on.
You will have to install full blown Terminal Services from Add/Remove programs - Add/Remove Windows Componets
You will have 90 days to install a licensing server (from add/remove) and add some licenses to it. This can be on the same machine.
Once you have Terminal Services installed your users need to be in the "Remote Desktop Users" group. (RC My Computer, manage, Users and Groups, Groups, Remote Desktop users...add your users here)
Let me know if this helps.
You will have to install full blown Terminal Services from Add/Remove programs - Add/Remove Windows Componets
You will have 90 days to install a licensing server (from add/remove) and add some licenses to it. This can be on the same machine.
Once you have Terminal Services installed your users need to be in the "Remote Desktop Users" group. (RC My Computer, manage, Users and Groups, Groups, Remote Desktop users...add your users here)
Let me know if this helps.
ASKER
How do i check the mode that i am running TS in.
If it is in remote administration mode how do i change it
Also the Terminal Services has valid licenses.
users are alredy in Remote Desktop Users
thank you
If it is in remote administration mode how do i change it
Also the Terminal Services has valid licenses.
users are alredy in Remote Desktop Users
thank you
ASKER
i did not do the install of TS, but I have been installed by the installer that TS was installed with all the defaults.
If the default install is remote administration mode (and that requires admin rights) then I would expect that to be the reason.
Can this be changed ???
If the default install is remote administration mode (and that requires admin rights) then I would expect that to be the reason.
Can this be changed ???
ASKER
i have just run the command
change user /?
and the output is
Application EXECUTE mode is enabled.
hope this helps
change user /?
and the output is
Application EXECUTE mode is enabled.
hope this helps
The default Terminal Services installation is Remote Administration. That is activated by default when you 'take it out of the box'. This allows for remote administration of the server, just like a Windows XP workstation if you enable Remote Desktop Connection. The only difference is that you are allowed two ADMINISTRATORS to be logged in concurrently.
But back to the server.....
Check to see if you have a Terminal Server Licensing Server installed. To to this, open Administrative Tools (Control Panel, Administrative Tools) and see if the Terminal Server Licensing applet is there.
If it is, open it and see if there is an Activated Server listed. If there is, see how many licenses are installed, and of those, how many are available.
If the Terminal Server Licensing applet is not there, then you have no Licensing Server installed and therefore must be running in Remote Administration mode.
If you want to install a License Server, install it through Add/Remove Programs, then Windows Components. Scroll down the list of installed components until you see Terminal Server Licensing, put a tick in the box and install it.
Once complete, you will have 180 days to install Licenses for your users. Choose wisely when you order the License as you have the choice of Per User or Per Seat.
Let us know how you get on.
But back to the server.....
Check to see if you have a Terminal Server Licensing Server installed. To to this, open Administrative Tools (Control Panel, Administrative Tools) and see if the Terminal Server Licensing applet is there.
If it is, open it and see if there is an Activated Server listed. If there is, see how many licenses are installed, and of those, how many are available.
If the Terminal Server Licensing applet is not there, then you have no Licensing Server installed and therefore must be running in Remote Administration mode.
If you want to install a License Server, install it through Add/Remove Programs, then Windows Components. Scroll down the list of installed components until you see Terminal Server Licensing, put a tick in the box and install it.
Once complete, you will have 180 days to install Licenses for your users. Choose wisely when you order the License as you have the choice of Per User or Per Seat.
Let us know how you get on.
ASKER
1). Terminal Server Licensing applet is there. And is issuing licenses.
I hope this is helpful
I hope this is helpful
ASKER
Currentlt there are 14 licenses available
Check Add/Remove programs, Add/Remove Windows Componets, Terminal Server...let me know if this option is checked.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
GOOD NEWS (We are moving forward)
with everyone group taken out of the local admin groups - users in the domain & and on the local machine can log on
BAD NEWS
As soon as the user (who is not a member of the local admin) goes past the log on screen the account is automatically logged off.
I would be keen to find out whty this is the case. Any suggestions ???
[In the meantime i have had to put the everyone group back into the local admins group to all users access ]
with everyone group taken out of the local admin groups - users in the domain & and on the local machine can log on
BAD NEWS
As soon as the user (who is not a member of the local admin) goes past the log on screen the account is automatically logged off.
I would be keen to find out whty this is the case. Any suggestions ???
[In the meantime i have had to put the everyone group back into the local admins group to all users access ]
ASKER
The answer is
Within the local policy of the server
the software restiction policy was set to disallowed i.e software will not run regardless of the access rights of the user.
Within the local policy of the server
the software restiction policy was set to disallowed i.e software will not run regardless of the access rights of the user.
I have seen similar situations when the Remote Desktop Client is set to log on to the console.
I've never heard of MSTC, but hopefully you're talking about Terminal Services. If you are, then carry on reading. If not, then ignore what's below! :0)
Can you be more specific about what version of Server 2003 you're using?
I know there's an issue with SBS whereby users have to be a member of the local Admin group as Terminal Services can only run in Remote Administration mode on an SBS box.
Let's confirm the above, and then take it from there.
Cheers,
Mark.