Solved

Proper way to give user access to terminal server

Posted on 2006-06-23
5
288 Views
Last Modified: 2010-04-18
My first terminal server set-up I seem to remember putting using in security group i.e. TS_Users and adding that security group in Terminal Services Configuration > Connection > Properties > Permissions >  with Guest access. Last one I tried adding to  TS_Users (and individual users) to RDP Users Group in AD and that did not work, Adding TS_Users security group to TSConfiguration did not work as it did before. I ended up having to add each user individually to Terminal Services Configuration with Permissions.

I am now setting up another terminal server. What is proper way to grant users access?
0
Comment
Question by:AndykEE
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 

Author Comment

by:AndykEE
ID: 16973571
PS this is DC in a single server domain, yes I know that is not recomended.
0
 
LVL 48

Assisted Solution

by:Jay_Jay70
Jay_Jay70 earned 400 total points
ID: 16974645
we do exactly that in our small sites, single DC with TS, simply add the users to the RDP users group and also add the group under terminal services configuration, you may also need to check the local policy on the DC and make sure they are permitted to log in
0
 
LVL 9

Accepted Solution

by:
vsg375 earned 100 total points
ID: 16975074
Hi,

Jay has it right. Just make sure that these users have the "log on locally" permissions on this computer. That would mean allowing them to log on to a DC, but since they are "basic" users, they won't harm anything in your AD infrastructure.

HTH
Cheers
0
 

Author Comment

by:AndykEE
ID: 16978630
Where do I give permissions to log on locally? Is it Admin tools > Default Domain Controller Security Settings > Local Polocies > User Rights Assignment > All log on locally Properties > add users ?

Before post I had tried to do this in Group Policy Mgt > Default Domain Policy but was spooked by warning that if correct access rights where not given some things would not function right.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16978760
thats the correct policy - ignore that message, its just an additional security note
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question