Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 527
  • Last Modified:

Locked out of RDP, again!

Hello, I’ve lost the ability to connect to my Windows Server 2003R2 administrative terminal server, with any domain admin account.

I get this message when I login in with any of my credentials:

To log on to this remote computer, you must have Terminal Server User access permissions on this computer.  By default, members of the Remote Desktop Users group have these permissions. If you are not a member to the Remote Desktop Users group or another group that has these permissions, or it the Remote Desktop User group does not have these permissions, you must be granted these permissions manually.


There is no RDP group, because this is a mixed domain I manually added the domain administrators thru the Terminal Services Configuration.

I checked the default domain controllers GPO and all the administrator groups are in the login rights, it is the only GPO that applies.

I've rebooted twice already.

I had this problem before and it went away, and it was working as far back as last week.  Is there something in the registry I can check, or should I just format this troublesome factory preloaded software, and put Windows 2003 back on myself?

Thanks- Corey
0
royaltech
Asked:
royaltech
  • 3
  • 2
1 Solution
 
usacadenaCommented:
try start -> run -> type "mstsc /console" -> lhit ok
log on locally


the group is found when you right click on my computer -> properties- > Remote tab- > Select remote users
make sure allow users to connect is checked off



0
 
royaltechAuthor Commented:
Thanks, the mstsc /console part works, but this is a domain controler, there are no remote users, just AD members.
0
 
usacadenaCommented:
in the built-in container there is a group "Remote Desktop Users" which "Members in this group are granted the right to logon remotely" Adding a user to this group will enable them to have remote access only.

Ray
0
 
royaltechAuthor Commented:
These are the only members of that group:

Name      Type      Description      
Account Operators      Security Group - Domain Local      Members can administer domain user and group accounts      
Administrators      Security Group - Domain Local      Administrators have complete and unrestricted access to the computer/domain      
Backup Operators      Security Group - Domain Local      Backup Operators can override security restrictions for the sole purpose of backing up or restoring files      
Guests      Security Group - Domain Local      Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted      
Pre-Windows 2000 Compatible Access      Security Group - Domain Local      A backward compatibility group which allows read access on all users and groups in the domain      
Print Operators      Security Group - Domain Local      Members can administer domain printers      
Replicator      Security Group - Domain Local      Supports file replication in a domain      
Server Operators      Security Group - Domain Local      Members can administer domain servers      
Users      Security Group - Domain Local      Users are prevented from making accidental or intentional system-wide changes.  Thus, Users can run certified applications, but not most legacy applications      
0
 
usacadenaCommented:
reference to restore ad groups => http://support.microsoft.com/kb/840001
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now