We help IT Professionals succeed at work.

Remote Desktop User cannot log into Terminal Server 2003

7,223 Views
Last Modified: 2013-11-21
I have a DC and now setup another computer to be the terminal server. The DC is running SBS 2003 and terminal server is running 2003 too. The Domain admins can RDP into the terminal server but the Remote Desktop Users cannot RDP in. They get the error "To log on to this remote computer , you must have Terminal Server User Access permissions on this computer. ....". I also added the Remote Desktop Users to the windows settings/local policies/user rights assignments/Allow log in Terminal Servers in the group policy. It worked for some time and now it is giving me the same error "To log on to this remote computer , you must have Terminal Server User Access permissions on this computer. ...."
Comment
Watch Question

Toni UranjekConsultant/Trainer

Commented:
Hi!

How is windows settings/local policies/user rights assignments/Allow log in Terminal Servers now configured?

Toni
CERTIFIED EXPERT

Commented:
you have to enable the policy at the domain controller level not on the domain level as the default domain controller policy overtakes the default domain policy. you got it set up right but on the wrong place

Author

Commented:
I am sorry if my question was not clear but why doesn't just adding the the user to the "Remote Desktop Users" allow the user to log in.

Author

Commented:
Toni,
   Currently the windows settings/local policies/user rights assignments/Allow log in Terminal Servers has Administrators, Remote Desktop Users, Domain\User1 on both the terminal server machine and the DC machine. User1 is also a member of "Remote Desktop Users". But User1 cannot still rdp into terminal server.
Toni UranjekConsultant/Trainer

Commented:
Check properties of user1 in AD? There is a checkbox, which can be used to deny connection to TS.

Author

Commented:
I do not see anything specific for TS.
Toni UranjekConsultant/Trainer

Commented:
Go to ADUC, double click user, go to Terminal Services Profile tab, there should be Allow or Deny checkbox at the borrom of the window.

Author

Commented:
The Terminal Services profile page only has a "Deny this user permission to log on to any Terminal Server" and that box is unchecked.
Consultant/Trainer
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
I added the remote operators group in TDP-tcp and gave it full permission and it worked. You the man Toni.
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.