• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1302
  • Last Modified:

Cannot login to Windows 2003 via Terminal Services?

Hello -

I have a Windows 2003 Domain Member server with Terminal Services installed.  Sp1.

Administrators can connect to this box via RDP, but Domain Users cannot.  However, Domain Users CAN log in via the console.  

In the local Management Groups, I have (Domain)\Domain Users added to the Remote Desktop Group.

I have verified the Local Security Settings to allow the Remote Desktop Group the right to log on locally.

Any troubleshooting ideas?  I get this message:

"To log on to this remote computer, you must have Terminal Server User Access permissions on this computer.  By default, mmebers of the Remote Desktop Users group have these permissions.  If you are not a member of the Remote Desktop Users group or another group that has these permissions, or if the Remote Dekstop User group does not have these permissions, you must be granted these permissions manually."  (I guess I didn't need to type that all out).... :D

Jason
0
trivalent
Asked:
trivalent
  • 3
  • 2
1 Solution
 
Craig_200XCommented:
There should be a Users group rather than computer group name Remote Desktop Users. You have to be a member of that in order to use Terminal services or Remote desktop. The administrator account is a member by default, which is why you can connect. That is what makes me think everything else is OK. It's located (on the terminal server machine):
Computer management | Local users and groups | Groups | Remote Desktop Users

Also in active directory, users and computers, under the users profile on the domain controler, there is a tab labeled Terminal services profile. Near the bottom there is a check box. On some systems it is labeled "Deny the user permission to log on to any terminal server" and on others "Allow Logon to Terminal Server". make sure it is checked appropriately. I believe the default is to allow, so that may not be an issue.

0
 
Craig_200XCommented:
also check

In administrative tools - local security policy - then local policies - User rights assignments -

Check if remote desktop users is added in the 'allow logon through terminal servers' right.
0
 
trivalentAuthor Commented:
Craig:

>There should be a Users group rather than computer group name Remote Desktop Users. You have to be a member of that in order to use Terminal services or Remote desktop.

Under Local Management on this server, under Groups, I have the (Domain)\Domain Users inside the Remote Desktop Users Group.  

>On some systems it is labeled "Deny the user permission to log on to any terminal server" and on others "Allow Logon to Terminal Server". make sure it is checked appropriately.

I did check this, it is not enabled.

>Check if remote desktop users is added in the 'allow logon through terminal servers' right.

Yes, I have done this.  Remote Dekstop Users have this right.
0
 
trivalentAuthor Commented:
This has been resolved -

I didn't mention this in the question, to avoid complicating it -

But on top of Terminal Server I have Citrix Pres 4.0

It overwrites the RDP connection tool - and in there there is a checkbox that only allows RDP to be used for published applications only.

After unchecking this, it started working..

Points awarded for quick response....

Thank you!

Jason
0
 
Craig_200XCommented:
thank you for the points, and the explanation ! definately good info!
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now