Solved

Locked out of RDP, again!

Posted on 2006-10-23
7
508 Views
Last Modified: 2008-01-09
Hello, I’ve lost the ability to connect to my Windows Server 2003R2 administrative terminal server, with any domain admin account.

I get this message when I login in with any of my credentials:

To log on to this remote computer, you must have Terminal Server User access permissions on this computer.  By default, members of the Remote Desktop Users group have these permissions. If you are not a member to the Remote Desktop Users group or another group that has these permissions, or it the Remote Desktop User group does not have these permissions, you must be granted these permissions manually.


There is no RDP group, because this is a mixed domain I manually added the domain administrators thru the Terminal Services Configuration.

I checked the default domain controllers GPO and all the administrator groups are in the login rights, it is the only GPO that applies.

I've rebooted twice already.

I had this problem before and it went away, and it was working as far back as last week.  Is there something in the registry I can check, or should I just format this troublesome factory preloaded software, and put Windows 2003 back on myself?

Thanks- Corey
0
Comment
Question by:royaltech
  • 3
  • 2
7 Comments
 
LVL 5

Expert Comment

by:usacadena
Comment Utility
try start -> run -> type "mstsc /console" -> lhit ok
log on locally


the group is found when you right click on my computer -> properties- > Remote tab- > Select remote users
make sure allow users to connect is checked off



0
 

Author Comment

by:royaltech
Comment Utility
Thanks, the mstsc /console part works, but this is a domain controler, there are no remote users, just AD members.
0
 
LVL 5

Expert Comment

by:usacadena
Comment Utility
in the built-in container there is a group "Remote Desktop Users" which "Members in this group are granted the right to logon remotely" Adding a user to this group will enable them to have remote access only.

Ray
0
 

Author Comment

by:royaltech
Comment Utility
These are the only members of that group:

Name      Type      Description      
Account Operators      Security Group - Domain Local      Members can administer domain user and group accounts      
Administrators      Security Group - Domain Local      Administrators have complete and unrestricted access to the computer/domain      
Backup Operators      Security Group - Domain Local      Backup Operators can override security restrictions for the sole purpose of backing up or restoring files      
Guests      Security Group - Domain Local      Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted      
Pre-Windows 2000 Compatible Access      Security Group - Domain Local      A backward compatibility group which allows read access on all users and groups in the domain      
Print Operators      Security Group - Domain Local      Members can administer domain printers      
Replicator      Security Group - Domain Local      Supports file replication in a domain      
Server Operators      Security Group - Domain Local      Members can administer domain servers      
Users      Security Group - Domain Local      Users are prevented from making accidental or intentional system-wide changes.  Thus, Users can run certified applications, but not most legacy applications      
0
 
LVL 5

Accepted Solution

by:
usacadena earned 250 total points
Comment Utility
reference to restore ad groups => http://support.microsoft.com/kb/840001
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now