Remote desktop access for non-administrator user

Posted on 2007-07-20
Medium Priority
Last Modified: 2013-11-21
Client previously had 2 dektop machines acting as servers and running Windows 2000 advanced server. 23 machines on the network, one of which is a proper server being used as a desktop machine and running XP Pro. This machine was acting as the server for the accounting software. On odd occasions, the software support company would need remote access to the accounting machine, this was achieved using RDP with port 3389 being forwarded to the accounts server (Which was in use as the accountants desktop).

They now have a new server running Windows 2003 standard and have moved the accounts software onto this. The software company insisted that the server must have a full copy of the application on ther server to enable them to perform essential maintenance work, this was therefore done. I now need to allow them access to the server desktop with without giving them the administrator username/password.

I *know* that the server should always be used as a server only and not as a workstation but the software company and client both insist that it must be done this way. I am not concerned with the RDP port, this is closed for 99% of the time and opened only when required, this has always been the way and they have a policy covering this. I have created a user for the login and made him a member of the 'remote desktop users' group, I  have also granted remote access to this server desktop for this user from the 'start/control panel/system/remote/select remote users' screen but I am still getting a message to the effect that the 'log on through terminal services' right needs to be given to this user - my  question is, how do I do this? Will the user have full access to the system? (Hopefully not, it is not an admin account)
Question by:ScorpioUltima
  • 2
LVL 10

Assisted Solution

Cro0707 earned 800 total points
ID: 19531656
Start|Run, type secpol.msc, go to security options and find appropriate policy.

LVL 29

Accepted Solution

Alan Huseyin Kayahan earned 1200 total points
ID: 19531684
       Hi ScorpioUltima
                You should add this user to the "Allow logon through terminal services" policy. In server, please
               *In left pane, expand Computer Configuration>Windows settings>Security Settings>Local policies>User Rights Assignment
               *Now in right-pane, double-click "Allow log on through terminal services" then click add and add this user.
                *Start>run>gpupdate /force


Author Comment

ID: 19531756
Thanks :)
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 19531799
     You are welcome,
           "and find appropriate policy"
                    interesting assistance :)


Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question