Solved

Locked out of RDP, again!

Posted on 2006-10-23
7
518 Views
Last Modified: 2008-01-09
Hello, I’ve lost the ability to connect to my Windows Server 2003R2 administrative terminal server, with any domain admin account.

I get this message when I login in with any of my credentials:

To log on to this remote computer, you must have Terminal Server User access permissions on this computer.  By default, members of the Remote Desktop Users group have these permissions. If you are not a member to the Remote Desktop Users group or another group that has these permissions, or it the Remote Desktop User group does not have these permissions, you must be granted these permissions manually.


There is no RDP group, because this is a mixed domain I manually added the domain administrators thru the Terminal Services Configuration.

I checked the default domain controllers GPO and all the administrator groups are in the login rights, it is the only GPO that applies.

I've rebooted twice already.

I had this problem before and it went away, and it was working as far back as last week.  Is there something in the registry I can check, or should I just format this troublesome factory preloaded software, and put Windows 2003 back on myself?

Thanks- Corey
0
Comment
Question by:royaltech
  • 3
  • 2
7 Comments
 
LVL 5

Expert Comment

by:usacadena
ID: 17793343
try start -> run -> type "mstsc /console" -> lhit ok
log on locally


the group is found when you right click on my computer -> properties- > Remote tab- > Select remote users
make sure allow users to connect is checked off



0
 

Author Comment

by:royaltech
ID: 17844058
Thanks, the mstsc /console part works, but this is a domain controler, there are no remote users, just AD members.
0
 
LVL 5

Expert Comment

by:usacadena
ID: 17844699
in the built-in container there is a group "Remote Desktop Users" which "Members in this group are granted the right to logon remotely" Adding a user to this group will enable them to have remote access only.

Ray
0
 

Author Comment

by:royaltech
ID: 17844758
These are the only members of that group:

Name      Type      Description      
Account Operators      Security Group - Domain Local      Members can administer domain user and group accounts      
Administrators      Security Group - Domain Local      Administrators have complete and unrestricted access to the computer/domain      
Backup Operators      Security Group - Domain Local      Backup Operators can override security restrictions for the sole purpose of backing up or restoring files      
Guests      Security Group - Domain Local      Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted      
Pre-Windows 2000 Compatible Access      Security Group - Domain Local      A backward compatibility group which allows read access on all users and groups in the domain      
Print Operators      Security Group - Domain Local      Members can administer domain printers      
Replicator      Security Group - Domain Local      Supports file replication in a domain      
Server Operators      Security Group - Domain Local      Members can administer domain servers      
Users      Security Group - Domain Local      Users are prevented from making accidental or intentional system-wide changes.  Thus, Users can run certified applications, but not most legacy applications      
0
 
LVL 5

Accepted Solution

by:
usacadena earned 250 total points
ID: 17847820
reference to restore ad groups => http://support.microsoft.com/kb/840001
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Ms Filer Server Migration toolkit issues 2 72
Auto-Enrollment Group Policy 2 48
Moving RDP Server to New Server. 3 56
Big Problem with Redirected Folder 8 44
The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question