orbiker
asked on
Logging in via Terminal Services - Access denied to network resources available when logged in locally.
I have some users that login remotely via a Terminal Server. We have apps and files they need access to. They are all members of the same group (remote users) yet some can access the resources and some can't (same resources for all). All of them can access some apps and files. All have the same mapped drives to the resources. They all can access the resources when logging in locally (not via terminal services). When access is denied there aren't any event errors associated with the failed access. Some of the files reside on the SBS 2003 server and the app that some can access and some can't resides on another server. The error that appears when trying to access the apps or files reads; "Windows can not access the specified device, path or file. You may not have the appropriate permissions to access the item." Like I say they are members of the same security group/s.
Anybody come across something like this before?
Anybody come across something like this before?
Are you using a separate Terminal Server or Terminal Services on an SBS Box?
Is a VPN involved?
a little more info would be helpful.
whats the app that doesn't work?
If i have this straight... you have 3 servers and multiple workstations. 1TermServer, 1FileServer and 1SBSServer.
apps work from 1TERM to 1SBS for everyone (multiple people can run the app at the same time). apps work for some people from 1TERM to 1FILE(multiple people can run the app at the same time but some people can never run the app). apps work from all WORKSTATIONS to 1SBS and 1FILE.
you have verified that everyone gets the same drive mappings on the terminal server and the workstations. the people that can run the app don't have additional privledges. everyone gets the same client drive mappings and drive redirection(terminal services profile).
you have added the drive letter of the mapped drive to the local Internet Zone settings in internet explorer on the terminal server.
whats the app that doesn't work?
If i have this straight... you have 3 servers and multiple workstations. 1TermServer, 1FileServer and 1SBSServer.
apps work from 1TERM to 1SBS for everyone (multiple people can run the app at the same time). apps work for some people from 1TERM to 1FILE(multiple people can run the app at the same time but some people can never run the app). apps work from all WORKSTATIONS to 1SBS and 1FILE.
you have verified that everyone gets the same drive mappings on the terminal server and the workstations. the people that can run the app don't have additional privledges. everyone gets the same client drive mappings and drive redirection(terminal services profile).
you have added the drive letter of the mapped drive to the local Internet Zone settings in internet explorer on the terminal server.
ASKER
Yes the Terminal Server is on a separate box. It is published through ISA 2004, which is on it's own box.
No a VPN is not involved.
Thanks for the quick replies.
No a VPN is not involved.
Thanks for the quick replies.
ASKER
SBS 2003 box running Exchange and is the file server in this case.
Terminal Server running on Windows 2003 (separate box from SBS)
ISA Server 2004 (separate box from SBS and TServer) publishing terminal server
MRP program running on Windows 2003 (also on separate box)
So four separate servers. 1 DC and 3 member servers.
We have 8 sales people that connect to us via RDP to the Terminal Server using an IP address. All sales people are member of same security group/s (remote users) along with some other groups but all the same. Their groups are added to the shares/security of the resources. All have same mapped drives. Four can access the MRP program and 4 can't. Same result with some files on the SBS box. Some files on the SBS box are available to all.
The only thing I have been able to find that is different is "some" (I don't know how many yet but can't see that it matters) of the users were added to SBS via an RDP session from one of the techs inside the network where the others were added by logging on locally to the SBS box. IOW the tech logged into the SBS box using an RDP session to create the users (some, maybe all, the ones that aren't working) but all were created using the "Add User" wizard.
I have not looked to see the "zones" in IE but will when I get back there.
Thanks
Terminal Server running on Windows 2003 (separate box from SBS)
ISA Server 2004 (separate box from SBS and TServer) publishing terminal server
MRP program running on Windows 2003 (also on separate box)
So four separate servers. 1 DC and 3 member servers.
We have 8 sales people that connect to us via RDP to the Terminal Server using an IP address. All sales people are member of same security group/s (remote users) along with some other groups but all the same. Their groups are added to the shares/security of the resources. All have same mapped drives. Four can access the MRP program and 4 can't. Same result with some files on the SBS box. Some files on the SBS box are available to all.
The only thing I have been able to find that is different is "some" (I don't know how many yet but can't see that it matters) of the users were added to SBS via an RDP session from one of the techs inside the network where the others were added by logging on locally to the SBS box. IOW the tech logged into the SBS box using an RDP session to create the users (some, maybe all, the ones that aren't working) but all were created using the "Add User" wizard.
I have not looked to see the "zones" in IE but will when I get back there.
Thanks
ASKER
I checked the IE zone settings and they are the same on both logins. Here is what I've discovered since Friday. I can't open a link on the desktop that points to an Access db on the network but I can open Access then navigate to the same file and it opens fine. I think the solution to this will also fix the other problem. Any ideas out there?
Thanks
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks!