mjeet
asked on
Remote Desktop User cannot log into Terminal Server 2003
I have a DC and now setup another computer to be the terminal server. The DC is running SBS 2003 and terminal server is running 2003 too. The Domain admins can RDP into the terminal server but the Remote Desktop Users cannot RDP in. They get the error "To log on to this remote computer , you must have Terminal Server User Access permissions on this computer. ....". I also added the Remote Desktop Users to the windows settings/local policies/user rights assignments/Allow log in Terminal Servers in the group policy. It worked for some time and now it is giving me the same error "To log on to this remote computer , you must have Terminal Server User Access permissions on this computer. ...."
you have to enable the policy at the domain controller level not on the domain level as the default domain controller policy overtakes the default domain policy. you got it set up right but on the wrong place
ASKER
I am sorry if my question was not clear but why doesn't just adding the the user to the "Remote Desktop Users" allow the user to log in.
ASKER
Toni,
Currently the windows settings/local policies/user rights assignments/Allow log in Terminal Servers has Administrators, Remote Desktop Users, Domain\User1 on both the terminal server machine and the DC machine. User1 is also a member of "Remote Desktop Users". But User1 cannot still rdp into terminal server.
Currently the windows settings/local policies/user rights assignments/Allow log in Terminal Servers has Administrators, Remote Desktop Users, Domain\User1 on both the terminal server machine and the DC machine. User1 is also a member of "Remote Desktop Users". But User1 cannot still rdp into terminal server.
Check properties of user1 in AD? There is a checkbox, which can be used to deny connection to TS.
ASKER
I do not see anything specific for TS.
Go to ADUC, double click user, go to Terminal Services Profile tab, there should be Allow or Deny checkbox at the borrom of the window.
ASKER
The Terminal Services profile page only has a "Deny this user permission to log on to any Terminal Server" and that box is unchecked.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I added the remote operators group in TDP-tcp and gave it full permission and it worked. You the man Toni.
How is windows settings/local policies/user rights assignments/Allow log in Terminal Servers now configured?
Toni