Client previously had 2 dektop machines acting as servers and running Windows 2000 advanced server. 23 machines on the network, one of which is a proper server being used as a desktop machine and running XP Pro. This machine was acting as the server for the accounting software. On odd occasions, the software support company would need remote access to the accounting machine, this was achieved using RDP with port 3389 being forwarded to the accounts server (Which was in use as the accountants desktop).
They now have a new server running Windows 2003 standard and have moved the accounts software onto this. The software company insisted that the server must have a full copy of the application on ther server to enable them to perform essential maintenance work, this was therefore done. I now need to allow them access to the server desktop with without giving them the administrator username/password.
I *know* that the server should always be used as a server only and not as a workstation but the software company and client both insist that it must be done this way. I am not concerned with the RDP port, this is closed for 99% of the time and opened only when required, this has always been the way and they have a policy covering this. I have created a user for the login and made him a member of the 'remote desktop users' group, I have also granted remote access to this server desktop for this user from the 'start/control panel/system/remote/select remote users' screen but I am still getting a message to the effect that the 'log on through terminal services' right needs to be given to this user - my question is, how do I do this? Will the user have full access to the system? (Hopefully not, it is not an admin account)