We help IT Professionals succeed at work.

New podcast episode! Our very own Community Manager, Rob Jurd, gives his insight on the value of an online community. Listen Now!

x

Cannot run application via RDP Terminal Server Connection unless Admin, runs fine via LAN connected PC

1,127 Views
Last Modified: 2013-11-21
Windows Server 2003 (Small Business Server) and Windows Server 2003 - Terminal Server; both servers have all current Microsoft patches.

All users can run the company Business System (Byte) from any LAN connected PC.  

When connected to the SBS server via RDP (remote desktop connection) using the Terminal Server, only users with Domain Admins group membership can run the program.  We added this group membership to one of the normal users, and the software worked fine, just like it does wen connected to the server via their office computer, on the LAN.  

If we remove the Domain Admins group membership, the business system will not start.  We have confirmed that the user has "allow user to log in remotely via terminal server" enabled, and have followed numerous KBs and found everything set.

Users (without Domain Admins membership) are able to connect via RDP, and do everything else.  Is there another setting that we have missed?
Comment
Watch Question

Top Expert 2008
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
Jeffrey Kane - TechSoEasyPrincipal Consultant
CERTIFIED EXPERT
Most Valuable Expert 2016
Top Expert 2014

Commented:
I'm a bit confused by your question... you say, "When connected to the SBS server via RDP (remote desktop connection) using the Terminal Server"... do you mean that this program is running on the SBS?


Or is this running on the Terminal Server?

Jeff
TechSoEasy

Author

Commented:
The actual program is on the SBS server.  The client side of the program is installed on the Terminal Server, and configured the same as a normal PC client would be.  All users can run the program from their PC, without any administrator rights.  From the Terminal Server (whether via RDP or at the physical keyboard), they can not start the program.

We are wondering if the user needs some sort of local administrator rights on the terminal server, for some reason.
Jeffrey Kane - TechSoEasyPrincipal Consultant
CERTIFIED EXPERT
Most Valuable Expert 2016
Top Expert 2014

Commented:
Does the program support being installed on a Terminal Server?

Is Terminal Services Application Server installed on the Terminal Server along with proper TS CAL licensing?

Jeff
TechSoEasy
Jeffrey Kane - TechSoEasyPrincipal Consultant
CERTIFIED EXPERT
Most Valuable Expert 2016
Top Expert 2014

Commented:
How to install a Terminal Server to host remote desktops in an SBS Environment:  http://sbsurl.com/sbstss

Jeff
TechSoEasy

Author

Commented:
The program runs fine, if the user account has administrator or domain admin rights.

It appears that the problem is a rights issue.  It may be possible that the program creates temporary files, and the non-admin user account does not have sufficient rights.
Jeffrey Kane - TechSoEasyPrincipal Consultant
CERTIFIED EXPERT
Most Valuable Expert 2016
Top Expert 2014
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
Thanks to both of you for your contributions towards solving this issue.

I had to include the domain user as a member of the local Administrators Group, on the terminal server.  By tracing the files that were assessed, I saw that the domain user account did not have the right to create temporary files as/where needed on ther terminal server.  (Of course, that is why an administrator was able to run the software.)

Adding the domain users to the loacal Administrators Group on the terminal server allowed them to create the necessary temporary files, without giving these users full rights on the primary server and domain.
Jeffrey Kane - TechSoEasyPrincipal Consultant
CERTIFIED EXPERT
Most Valuable Expert 2016
Top Expert 2014

Commented:
Couldn't you have also just granted the Domain Users full permissions on the directory where the temporary files are created?  

Jeff
TechSoEasy
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.