Solved

To log onto this remote computer, you must be granted the Allow Log on through Terminal Services Right....

Posted on 2008-06-18
9
32,688 Views
Last Modified: 2013-11-21
When I try to log onto a terminal server as a user it gives me the following error,   To log onto this remote computer, you must be granted the Allow Log on through Terminal Services Right....etc.    I have this user added as a remote desktop user on the domain controller and on the terminal server in question.  If I make the user a domain admin then they are able to log on but we do not want them to have these rights.  We have also made sure the Remote Desktop User group has the rights to log on using Terminal Services.  Any siggestions?
0
Comment
Question by:johnpatbullock
9 Comments
 
LVL 6

Expert Comment

by:raptorjb007
ID: 21814439
Add the domain "Remote Desktop users" group to the Terminal Server's local "Remote Desktop users" group. The local group has permissions to the RDP protocol by default. This configuration will allow you to manage which users can connect using the domain security group going forward.

If the terminal server is a DC there may be additional steps, if this is the case let me know.
0
 

Author Comment

by:johnpatbullock
ID: 21816517
This has been added and it still will not let me log on.  The terminal server is not the DC.
0
 
LVL 6

Accepted Solution

by:
raptorjb007 earned 250 total points
ID: 21816745
There are a few places that need to be configured properly for TS to work.

1) The "allow logon through terminal services" right must be assigned to the user or group in question. This can be done through group policy or local policy. By default, remote desktop users is granted this right locally, you can do the same with a domain policy for good group organization.

2) Permissions to the RDP protocol must be added in (admin tools->Terminal services config->connections->RDP-tcp properties->Permissions). Usually remote desktop users is already listed but you may have to add it.

3) The "HKLM\system\currentcontrolset\control\terminal server\fDenyTSConnections" dword must be set to "0". This can also be accessed by right clicking "my computer" and choose properties, go to the "remote" tab, and check the box for "enable remote desktop on this computer.

Typically, I add "authenticated users" to the local remote desktop group, then grant remote desktop users permissions to the RDP-tcp protocol. I then grant the "allow logon through terminal services" right via group policy to the terminal server(locally or domain) to "authenticated users". This method allows all users to logon, you would have to use a security group if you only want to grant specific users access.

You can define the permissions for the user's/groups however you want. It is usually easiest to add the users you wish to allow to the domain group "remote desktop users", add the domain group to the local "remote desktop users" on the server for good measure, then reference the domain group in RDP permissions and the "allow logon.." policy setting.

Let me know if this helps.
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 38

Assisted Solution

by:ChiefIT
ChiefIT earned 250 total points
ID: 21819456
Assuming this has never worked before, you have to manually configure RDP to allow log on.

Right click the "my compuer" icon> select "properties">> select the remote tab. In the middle of that tab you need to enable the checkbox that says something like "allow users to connect to this computer remotely" (By default, the only one with permissions is the domain administrator). To add other folks click the "select remote users" tab.

A group or local policy will deny you from logging onto Terminal services and RDP. But, the error is a little bit different. It will usually say something like "a local (or group policy) is preventing you from logging on interactively to terminal services"
0
 
LVL 6

Expert Comment

by:raptorjb007
ID: 21856964
Any luck?
0
 
LVL 1

Expert Comment

by:comptech_engineering
ID: 22474753
Adding Domain Users to the RDP protocol fixed this problem for me.  

Thanks raptorjb007.
0
 
LVL 2

Expert Comment

by:agrogers
ID: 25297249
Problem was solved for me by adding the Domain User to the local Remote Desktop Users group.
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
Know what services you can and cannot, should and should not combine on your server.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

680 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question