?
Solved

2003 TS Rights

Posted on 2007-10-16
28
Medium Priority
?
214 Views
Last Modified: 2010-04-03
I have a w2k domain with a bunch of users in a group probably called users.  everyone uses citrix and everyone is a power user, not much security needed here.  Anyway, added some 2003 servers and installed ts and the license server etc and when we try to log on a user some message about manually adding them to the ts rights group comes up.

how do i put the users group for the domain in the ts rights group on the two 2003 servers?

thanks,
gsgi
0
Comment
Question by:gsgi
  • 14
  • 12
  • 2
28 Comments
 
LVL 9

Expert Comment

by:MSE-dwells
ID: 20088618
The group it's likely referring to is called "Remote Desktop Users", add the users there.
0
 
LVL 12

Expert Comment

by:weareit
ID: 20088842
Did you make either of the 2003 server domain servers?  If not then the group above does not exist.  Instead you will need to either Create a TS Group or take an existing group (Power Users for example) and add the group into the local group policy of each server:

Start --> Administrator Tools --> Local Security Policy
Expand Local Policies --> User Rights Assignment
Locate and modify the policy named - Allow login through Terminal Services

-saige-
0
 
LVL 9

Expert Comment

by:MSE-dwells
ID: 20088879
weareit: that's incorrect -- the group does indeed exist; it's a local group editable via Local User and Computers and is assigned the right you mentioned by default.
0
Free recovery tool for Microsoft Active Directory

Veeam Explorer for Microsoft Active Directory provides fast and reliable object-level recovery for Active Directory from a single-pass, agentless backup or storage snapshot — without the need to restore an entire virtual machine or use third-party tools.

 
LVL 13

Author Comment

by:gsgi
ID: 20088998
I did join both 2003 servers to the w2000 domain.

so do i add all of the users individually to Remote Desktop Users or just somehow add the domain level group called "users" to it?

thanks,
gsgi
0
 
LVL 9

Expert Comment

by:MSE-dwells
ID: 20089029
I'd suggest you add the Domain Users group to the local Remote Desktop Users ... or you can push out a policy that equates to the same end-result.
0
 
LVL 12

Expert Comment

by:weareit
ID: 20089082
My apologies, dwells...  I was under the impression that Remote Desktop Users was a group new to Active Directory with Server 2003.  I was not aware that it was a new default local group.

gsgi, my question should have read did you make either one of the 2003 server domain controllers?

-saige-
0
 
LVL 13

Author Comment

by:gsgi
ID: 20089118
yeah when i click on the rdu group on the 2003 server i do not see any users or groups from the 2000 domain
0
 
LVL 9

Expert Comment

by:MSE-dwells
ID: 20089156
... add the Domain Users group and try the logon again.
0
 
LVL 13

Author Comment

by:gsgi
ID: 20089213
ok, i typed it in and it took it.  don't know why hitting add doesn't show you them in the list.  but it does not work.  i added the user name DOMAIN/user to the group too, and it still does not work.
0
 
LVL 13

Author Comment

by:gsgi
ID: 20089220
ok, i can log on from remote desktop, the error is coming when i try to connect with citrix client.  weird
0
 
LVL 9

Accepted Solution

by:
MSE-dwells earned 2000 total points
ID: 20089234
When you hit add, you should enter 'Domain Users' and then click 'Check names', it should then underline the group for you indicating it was found (and resolved) -- please repeat this and let me know what occurred.

In addition, who are you logged on the Windows 2003 box as?  It should be a domain account (an admin is likely your only option at this stage).

Lastly, what's the error you're receiving?  The same?
0
 
LVL 13

Author Comment

by:gsgi
ID: 20089273
yes it is underlining the names - i think adding them worked, as rdp connects.
on the 2003 box I am admin making changes to the users groups, but via the citrix and rdp sessions I am connecting as a user.

yes the same message.
0
 
LVL 13

Author Comment

by:gsgi
ID: 20089282
in my citrix client i have it set to start a program.  if i remove that, it works.
0
 
LVL 9

Expert Comment

by:MSE-dwells
ID: 20089297
My experience with Citrix is limited, is Metaframe actually installed on this 2003 machine or are you just trying to use their client?
0
 
LVL 9

Expert Comment

by:MSE-dwells
ID: 20089312
Ah, just read your last response ... understood.  What's the program?
0
 
LVL 13

Author Comment

by:gsgi
ID: 20089330
metaframe is on the 2003 server.  i am connecting from an xp machine.

if i tell rdp to start the app, and set the logon of that user, it still does not work.

so i think we can eliminate citrix and just troubleshoot rdp not being able to start the app.

same error.

0
 
LVL 9

Expert Comment

by:MSE-dwells
ID: 20089352
Nod, got that ... see my previous response ....
0
 
LVL 13

Author Comment

by:gsgi
ID: 20089353
i set it to c:\windows\notepad.exe - which is correct on the 2003 server and I get the same error
0
 
LVL 9

Expert Comment

by:MSE-dwells
ID: 20089373
If you run TSCC.MSC and select Connections in the left pane, right click the RDP-TCP object in the right pane and select Properties.  Select the environment tab, what is the configured option?
0
 
LVL 13

Author Comment

by:gsgi
ID: 20089378
the middle one

run initial program ...
0
 
LVL 13

Author Comment

by:gsgi
ID: 20089392
i forced it to notepad and removed notepad from the rdp client.  got the same error.
0
 
LVL 9

Expert Comment

by:MSE-dwells
ID: 20089414
... then I'd have to say this is an artifact of the Citrix installation.  Perhaps there's a similar more configurable option in their admin. tools.

PS - was there anything other than RDP-TCP in the right pane?
0
 
LVL 13

Author Comment

by:gsgi
ID: 20089441
yes, the ICA protocol.

that's ok, you answered the original question.

i'll repost this question...  i searched google and found nothing.

-gsgi
0
 
LVL 13

Author Comment

by:gsgi
ID: 20090030
you were close with the tscc.msc thing

run  mfcfg which is the citrix version of tscc.msc.
double click on ica-tcp click advanced and uncheck "only run published applications"
double click on rdp-tcp click advanced and uncheck "only run published applications"

since you were close go post the answer and I'll give you the points.
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_22897716.html
0
 
LVL 9

Expert Comment

by:MSE-dwells
ID: 20090049
That's really not necessary, but thank you.  I'm glad I could help ... are you not able to retract the question and return your points?
0
 
LVL 13

Author Comment

by:gsgi
ID: 20090062
Well, i'd like it documented here in the faq.  so someone else has to post the answer.  -gsgi
0
 
LVL 9

Expert Comment

by:MSE-dwells
ID: 20090076
Fair enough, I'll paste my earlier response along with your addendum ...
0
 
LVL 13

Author Comment

by:gsgi
ID: 20090087
Thank you!
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
I have found that much of my time doing support ends up being a constant repetition of the same steps to different people.  Early on I stated using web pages with Frequently Asked Questions (FAQs) to alleviate most of the burden.  Sometimes this jus…
The goal of the tutorial is to teach the user how to set there setting in Adobe Flash Media Live Encoder and YouTube for optimal video and audio quality.
The goal of the tutorial is to teach the user how to use the auto adjust feature and what the different options do. When your video is not working right you can choose the auto adjust feature to help choose your settings.

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question