Remote desktop access for non-administrator user

Posted on 2007-07-20
Last Modified: 2013-11-21
Client previously had 2 desktop machines acting as servers and running Windows 2000 Advanced Server. 23 machines on the network, one of which is a proper server being used as a desktop machine and running XP Pro. This machine was acting as the server for the accounting software. On odd occasions, the software support company would need remote access to the accounting machine; this was achieved using RDP with port 3389 being forwarded to the accounts server (which was in use as the accountant's desktop).

They now have a new server running Windows 2003 Standard and have moved the accounts software onto this. The software company insisted that the server must have a full copy of the application on the server to enable them to perform essential maintenance work; this was therefore done. I now need to allow them access to the server desktop without giving them the administrator username/password.

I *know* that the server should always be used as a server only and not as a workstation, but the software company and client both insist that it must be done this way. I am not concerned with the RDP port; this is closed for 99% of the time and opened only when required. This has always been the way and they have a policy covering this. I have created a user for the login and made him a member of the 'remote desktop users' group. I have also granted remote access to this server desktop for this user from the 'start/control panel/system/remote/select remote users' screen, but I am still getting a message to the effect that the 'log on through terminal services' right needs to be given to this user. My question is, how do I do this? Will the user have full access to the system? (Hopefully not, it is not an admin account.)
Question by:ScorpioUltima
    LVL 10

    Assisted Solution

    Start|Run, type secpol.msc, go to security options and find appropriate policy.

    LVL 29

    Accepted Solution

    Hi ScorpioUltima,

    You should add this user to the "Allow logon through terminal services" policy. On the server, please:
    * In the left pane, expand Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment
    * Now in the right pane, double-click "Allow log on through terminal services", then click Add and add this user.
    * Start > Run > gpupdate /force
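
One way to confirm the result of the steps above and to check the asker's "full access" concern, as an added example that is not part of the original answer: it parses a User Rights Assignment export (produced with `secedit /export /cfg rights.inf /areas USER_RIGHTS`) and reports whether an account holds SeRemoteInteractiveLogonRight, the privilege behind "Allow log on through Terminal Services". The sample export, the vendor SID and the function names are constructed for illustration.

```python
# Added example: audit the Terminal Services logon right in a secedit export.
ALLOW = "SeRemoteInteractiveLogonRight"      # "Allow log on through Terminal Services"
DENY = "SeDenyRemoteInteractiveLogonRight"   # "Deny log on through Terminal Services"
ADMINISTRATORS = "S-1-5-32-544"              # BUILTIN\Administrators
REMOTE_DESKTOP_USERS = "S-1-5-32-555"        # BUILTIN\Remote Desktop Users

# Constructed sample export (a real file is typically UTF-16: read it with
# encoding="utf-16"). Here only Administrators holds the allow right, so
# membership of Remote Desktop Users alone is not enough to log on.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
SeRemoteInteractiveLogonRight = *S-1-5-32-544
SeDenyRemoteInteractiveLogonRight = *S-1-5-32-546
[Version]
signature="$CHICAGO$"
"""

def parse_privilege_rights(inf_text):
    """Return {right: set(principals)} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, value = line.partition("=")
            # secedit prefixes SIDs with '*'; plain account names have none.
            rights[name.strip()] = {p.strip().lstrip("*").upper()
                                    for p in value.split(",") if p.strip()}
    return rights

def rdp_logon_status(inf_text, principals):
    """principals: the account's own SID/name plus every group it belongs to."""
    rights = parse_privilege_rights(inf_text)
    held = {p.upper() for p in principals}
    allowed_via = sorted(held & rights.get(ALLOW, set()))
    denied_via = sorted(held & rights.get(DENY, set()))
    return {"can_log_on": bool(allowed_via) and not denied_via,  # deny wins
            "allowed_via": allowed_via,
            "denied_via": denied_via,
            "is_admin": ADMINISTRATORS in held}

if __name__ == "__main__":
    vendor = {"S-1-5-21-1111111111-2222222222-3333333333-1105", REMOTE_DESKTOP_USERS}
    print(rdp_logon_status(SAMPLE_INF, vendor))
```

Pass the account's SID together with the SIDs of all groups it belongs to; `is_admin` staying false after the right is granted shows the account can log on remotely without being an administrator.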


    Author Comment

    Thanks :)
    LVL 29

    Expert Comment

    by:Alan Huseyin Kayahan
    You are welcome,
    "and find appropriate policy"
    interesting assistance :)

