Cannot run application via RDP Terminal Server Connection unless Admin, runs fine via LAN connected PC
Windows Server 2003 (Small Business Server) and Windows Server 2003 - Terminal Server; both servers have all current Microsoft patches.
All users can run the company Business System (Byte) from any LAN connected PC.
When connected to the SBS server via RDP (remote desktop connection) using the Terminal Server, only users with Domain Admins group membership can run the program. We added this group membership to one of the normal users, and the software worked fine, just like it does wen connected to the server via their office computer, on the LAN.
If we remove the Domain Admins group membership, the business system will not start. We have confirmed that the user has "allow user to log in remotely via terminal server" enabled, and have followed numerous KBs and found everything set.
Users (without Domain Admins membership) are able to connect via RDP, and do everything else. Is there another setting that we have missed?
All users can run the company Business System (Byte) from any LAN connected PC.
When connected to the SBS server via RDP (remote desktop connection) using the Terminal Server, only users with Domain Admins group membership can run the program. We added this group membership to one of the normal users, and the software worked fine, just like it does wen connected to the server via their office computer, on the LAN.
If we remove the Domain Admins group membership, the business system will not start. We have confirmed that the user has "allow user to log in remotely via terminal server" enabled, and have followed numerous KBs and found everything set.
Users (without Domain Admins membership) are able to connect via RDP, and do everything else. Is there another setting that we have missed?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The actual program is on the SBS server. The client side of the program is installed on the Terminal Server, and configured the same as a normal PC client would be. All users can run the program from their PC, without any administrator rights. From the Terminal Server (whether via RDP or at the physical keyboard), they can not start the program.
We are wondering if the user needs some sort of local administrator rights on the terminal server, for some reason.
We are wondering if the user needs some sort of local administrator rights on the terminal server, for some reason.
Does the program support being installed on a Terminal Server?
Is Terminal Services Application Server installed on the Terminal Server along with proper TS CAL licensing?
Jeff
TechSoEasy
Is Terminal Services Application Server installed on the Terminal Server along with proper TS CAL licensing?
Jeff
TechSoEasy
How to install a Terminal Server to host remote desktops in an SBS Environment: http://sbsurl.com/sbstss
Jeff
TechSoEasy
Jeff
TechSoEasy
ASKER
The program runs fine, if the user account has administrator or domain admin rights.
It appears that the problem is a rights issue. It may be possible that the program creates temporary files, and the non-admin user account does not have sufficient rights.
It appears that the problem is a rights issue. It may be possible that the program creates temporary files, and the non-admin user account does not have sufficient rights.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks to both of you for your contributions towards solving this issue.
I had to include the domain user as a member of the local Administrators Group, on the terminal server. By tracing the files that were assessed, I saw that the domain user account did not have the right to create temporary files as/where needed on ther terminal server. (Of course, that is why an administrator was able to run the software.)
Adding the domain users to the loacal Administrators Group on the terminal server allowed them to create the necessary temporary files, without giving these users full rights on the primary server and domain.
I had to include the domain user as a member of the local Administrators Group, on the terminal server. By tracing the files that were assessed, I saw that the domain user account did not have the right to create temporary files as/where needed on ther terminal server. (Of course, that is why an administrator was able to run the software.)
Adding the domain users to the loacal Administrators Group on the terminal server allowed them to create the necessary temporary files, without giving these users full rights on the primary server and domain.
Couldn't you have also just granted the Domain Users full permissions on the directory where the temporary files are created?
Jeff
TechSoEasy
Jeff
TechSoEasy
Or is this running on the Terminal Server?
Jeff
TechSoEasy