Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

To log onto this remote computer, you must be granted the Allow Log on through Terminal Services Right....

Posted on 2008-06-18
9
Medium Priority
?
33,218 Views
Last Modified: 2013-11-21
When I try to log onto a terminal server as a user it gives me the following error,   To log onto this remote computer, you must be granted the Allow Log on through Terminal Services Right....etc.    I have this user added as a remote desktop user on the domain controller and on the terminal server in question.  If I make the user a domain admin then they are able to log on but we do not want them to have these rights.  We have also made sure the Remote Desktop User group has the rights to log on using Terminal Services.  Any siggestions?
0
Comment
Question by:johnpatbullock
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 6

Expert Comment

by:raptorjb007
ID: 21814439
Add the domain "Remote Desktop users" group to the Terminal Server's local "Remote Desktop users" group. The local group has permissions to the RDP protocol by default. This configuration will allow you to manage which users can connect using the domain security group going forward.

If the terminal server is a DC there may be additional steps, if this is the case let me know.
0
 

Author Comment

by:johnpatbullock
ID: 21816517
This has been added and it still will not let me log on.  The terminal server is not the DC.
0
 
LVL 6

Accepted Solution

by:
raptorjb007 earned 1000 total points
ID: 21816745
There are a few places that need to be configured properly for TS to work.

1) The "allow logon through terminal services" right must be assigned to the user or group in question. This can be done through group policy or local policy. By default, remote desktop users is granted this right locally, you can do the same with a domain policy for good group organization.

2) Permissions to the RDP protocol must be added in (admin tools->Terminal services config->connections->RDP-tcp properties->Permissions). Usually remote desktop users is already listed but you may have to add it.

3) The "HKLM\system\currentcontrolset\control\terminal server\fDenyTSConnections" dword must be set to "0". This can also be accessed by right clicking "my computer" and choose properties, go to the "remote" tab, and check the box for "enable remote desktop on this computer.

Typically, I add "authenticated users" to the local remote desktop group, then grant remote desktop users permissions to the RDP-tcp protocol. I then grant the "allow logon through terminal services" right via group policy to the terminal server(locally or domain) to "authenticated users". This method allows all users to logon, you would have to use a security group if you only want to grant specific users access.

You can define the permissions for the user's/groups however you want. It is usually easiest to add the users you wish to allow to the domain group "remote desktop users", add the domain group to the local "remote desktop users" on the server for good measure, then reference the domain group in RDP permissions and the "allow logon.." policy setting.

Let me know if this helps.
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 
LVL 39

Assisted Solution

by:ChiefIT
ChiefIT earned 1000 total points
ID: 21819456
Assuming this has never worked before, you have to manually configure RDP to allow log on.

Right click the "my compuer" icon> select "properties">> select the remote tab. In the middle of that tab you need to enable the checkbox that says something like "allow users to connect to this computer remotely" (By default, the only one with permissions is the domain administrator). To add other folks click the "select remote users" tab.

A group or local policy will deny you from logging onto Terminal services and RDP. But, the error is a little bit different. It will usually say something like "a local (or group policy) is preventing you from logging on interactively to terminal services"
0
 
LVL 6

Expert Comment

by:raptorjb007
ID: 21856964
Any luck?
0
 
LVL 1

Expert Comment

by:comptech_engineering
ID: 22474753
Adding Domain Users to the RDP protocol fixed this problem for me.  

Thanks raptorjb007.
0
 
LVL 2

Expert Comment

by:agrogers
ID: 25297249
Problem was solved for me by adding the Domain User to the local Remote Desktop Users group.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is my 3rd article on SCCM in recent weeks, the 1st (http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/A_4466-A-beginners-guide-to-installing-SCCM2007-on-Windows-2008-R2-Server.html) dealing with installat…
Learn about cloud computing and its benefits for small business owners.
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Suggested Courses

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question