We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now


Remote desktop access for non-administrator user

Medium Priority
Last Modified: 2013-11-21
Client previously had 2 dektop machines acting as servers and running Windows 2000 advanced server. 23 machines on the network, one of which is a proper server being used as a desktop machine and running XP Pro. This machine was acting as the server for the accounting software. On odd occasions, the software support company would need remote access to the accounting machine, this was achieved using RDP with port 3389 being forwarded to the accounts server (Which was in use as the accountants desktop).

They now have a new server running Windows 2003 standard and have moved the accounts software onto this. The software company insisted that the server must have a full copy of the application on ther server to enable them to perform essential maintenance work, this was therefore done. I now need to allow them access to the server desktop with without giving them the administrator username/password.

I *know* that the server should always be used as a server only and not as a workstation but the software company and client both insist that it must be done this way. I am not concerned with the RDP port, this is closed for 99% of the time and opened only when required, this has always been the way and they have a policy covering this. I have created a user for the login and made him a member of the 'remote desktop users' group, I  have also granted remote access to this server desktop for this user from the 'start/control panel/system/remote/select remote users' screen but I am still getting a message to the effect that the 'log on through terminal services' right needs to be given to this user - my  question is, how do I do this? Will the user have full access to the system? (Hopefully not, it is not an admin account)
Watch Question

Start|Run, type secpol.msc, go to security options and find appropriate policy.


Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Top Expert 2007
       Hi ScorpioUltima
                You should add this user to the "Allow logon through terminal services" policy. In server, please
               *In left pane, expand Computer Configuration>Windows settings>Security Settings>Local policies>User Rights Assignment
               *Now in right-pane, double-click "Allow log on through terminal services" then click add and add this user.
                *Start>run>gpupdate /force



Thanks :)
Top Expert 2007

     You are welcome,
           "and find appropriate policy"
                    interesting assistance :)

Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.