Link to home
Start Free TrialLog in
Avatar of gsgi
gsgiFlag for United States of America

asked on

2003 TS Rights

I have a w2k domain with a bunch of users in a group probably called users.  everyone uses citrix and everyone is a power user, not much security needed here.  Anyway, added some 2003 servers and installed ts and the license server etc and when we try to log on a user some message about manually adding them to the ts rights group comes up.

how do i put the users group for the domain in the ts rights group on the two 2003 servers?

thanks,
gsgi
Avatar of MSE-dwells
MSE-dwells
Flag of Yemen image

The group it's likely referring to is called "Remote Desktop Users", add the users there.
Did you make either of the 2003 server domain servers?  If not then the group above does not exist.  Instead you will need to either Create a TS Group or take an existing group (Power Users for example) and add the group into the local group policy of each server:

Start --> Administrator Tools --> Local Security Policy
Expand Local Policies --> User Rights Assignment
Locate and modify the policy named - Allow login through Terminal Services

-saige-
weareit: that's incorrect -- the group does indeed exist; it's a local group editable via Local User and Computers and is assigned the right you mentioned by default.
Avatar of gsgi

ASKER

I did join both 2003 servers to the w2000 domain.

so do i add all of the users individually to Remote Desktop Users or just somehow add the domain level group called "users" to it?

thanks,
gsgi
I'd suggest you add the Domain Users group to the local Remote Desktop Users ... or you can push out a policy that equates to the same end-result.
My apologies, dwells...  I was under the impression that Remote Desktop Users was a group new to Active Directory with Server 2003.  I was not aware that it was a new default local group.

gsgi, my question should have read did you make either one of the 2003 server domain controllers?

-saige-
Avatar of gsgi

ASKER

yeah when i click on the rdu group on the 2003 server i do not see any users or groups from the 2000 domain
... add the Domain Users group and try the logon again.
Avatar of gsgi

ASKER

ok, i typed it in and it took it.  don't know why hitting add doesn't show you them in the list.  but it does not work.  i added the user name DOMAIN/user to the group too, and it still does not work.
Avatar of gsgi

ASKER

ok, i can log on from remote desktop, the error is coming when i try to connect with citrix client.  weird
ASKER CERTIFIED SOLUTION
Avatar of MSE-dwells
MSE-dwells
Flag of Yemen image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of gsgi

ASKER

yes it is underlining the names - i think adding them worked, as rdp connects.
on the 2003 box I am admin making changes to the users groups, but via the citrix and rdp sessions I am connecting as a user.

yes the same message.
Avatar of gsgi

ASKER

in my citrix client i have it set to start a program.  if i remove that, it works.
My experience with Citrix is limited, is Metaframe actually installed on this 2003 machine or are you just trying to use their client?
Ah, just read your last response ... understood.  What's the program?
Avatar of gsgi

ASKER

metaframe is on the 2003 server.  i am connecting from an xp machine.

if i tell rdp to start the app, and set the logon of that user, it still does not work.

so i think we can eliminate citrix and just troubleshoot rdp not being able to start the app.

same error.

Nod, got that ... see my previous response ....
Avatar of gsgi

ASKER

i set it to c:\windows\notepad.exe - which is correct on the 2003 server and I get the same error
If you run TSCC.MSC and select Connections in the left pane, right click the RDP-TCP object in the right pane and select Properties.  Select the environment tab, what is the configured option?
Avatar of gsgi

ASKER

the middle one

run initial program ...
Avatar of gsgi

ASKER

i forced it to notepad and removed notepad from the rdp client.  got the same error.
... then I'd have to say this is an artifact of the Citrix installation.  Perhaps there's a similar more configurable option in their admin. tools.

PS - was there anything other than RDP-TCP in the right pane?
Avatar of gsgi

ASKER

yes, the ICA protocol.

that's ok, you answered the original question.

i'll repost this question...  i searched google and found nothing.

-gsgi
Avatar of gsgi

ASKER

you were close with the tscc.msc thing

run  mfcfg which is the citrix version of tscc.msc.
double click on ica-tcp click advanced and uncheck "only run published applications"
double click on rdp-tcp click advanced and uncheck "only run published applications"

since you were close go post the answer and I'll give you the points.
https://www.experts-exchange.com/questions/22897716/Citrix-TS-ICA-RDP-program-won't-start.html
That's really not necessary, but thank you.  I'm glad I could help ... are you not able to retract the question and return your points?
Avatar of gsgi

ASKER

Well, i'd like it documented here in the faq.  so someone else has to post the answer.  -gsgi
Fair enough, I'll paste my earlier response along with your addendum ...
Avatar of gsgi

ASKER

Thank you!