Solved

To log onto this remote computer, you must be granted the Allow Log on through Terminal Services Right....

Posted on 2008-06-18
9
32,321 Views
Last Modified: 2013-11-21
When I try to log onto a terminal server as a user it gives me the following error,   To log onto this remote computer, you must be granted the Allow Log on through Terminal Services Right....etc.    I have this user added as a remote desktop user on the domain controller and on the terminal server in question.  If I make the user a domain admin then they are able to log on but we do not want them to have these rights.  We have also made sure the Remote Desktop User group has the rights to log on using Terminal Services.  Any siggestions?
0
Comment
Question by:johnpatbullock
9 Comments
 
LVL 6

Expert Comment

by:raptorjb007
ID: 21814439
Add the domain "Remote Desktop users" group to the Terminal Server's local "Remote Desktop users" group. The local group has permissions to the RDP protocol by default. This configuration will allow you to manage which users can connect using the domain security group going forward.

If the terminal server is a DC there may be additional steps, if this is the case let me know.
0
 

Author Comment

by:johnpatbullock
ID: 21816517
This has been added and it still will not let me log on.  The terminal server is not the DC.
0
 
LVL 6

Accepted Solution

by:
raptorjb007 earned 250 total points
ID: 21816745
There are a few places that need to be configured properly for TS to work.

1) The "allow logon through terminal services" right must be assigned to the user or group in question. This can be done through group policy or local policy. By default, remote desktop users is granted this right locally, you can do the same with a domain policy for good group organization.

2) Permissions to the RDP protocol must be added in (admin tools->Terminal services config->connections->RDP-tcp properties->Permissions). Usually remote desktop users is already listed but you may have to add it.

3) The "HKLM\system\currentcontrolset\control\terminal server\fDenyTSConnections" dword must be set to "0". This can also be accessed by right clicking "my computer" and choose properties, go to the "remote" tab, and check the box for "enable remote desktop on this computer.

Typically, I add "authenticated users" to the local remote desktop group, then grant remote desktop users permissions to the RDP-tcp protocol. I then grant the "allow logon through terminal services" right via group policy to the terminal server(locally or domain) to "authenticated users". This method allows all users to logon, you would have to use a security group if you only want to grant specific users access.

You can define the permissions for the user's/groups however you want. It is usually easiest to add the users you wish to allow to the domain group "remote desktop users", add the domain group to the local "remote desktop users" on the server for good measure, then reference the domain group in RDP permissions and the "allow logon.." policy setting.

Let me know if this helps.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 38

Assisted Solution

by:ChiefIT
ChiefIT earned 250 total points
ID: 21819456
Assuming this has never worked before, you have to manually configure RDP to allow log on.

Right click the "my compuer" icon> select "properties">> select the remote tab. In the middle of that tab you need to enable the checkbox that says something like "allow users to connect to this computer remotely" (By default, the only one with permissions is the domain administrator). To add other folks click the "select remote users" tab.

A group or local policy will deny you from logging onto Terminal services and RDP. But, the error is a little bit different. It will usually say something like "a local (or group policy) is preventing you from logging on interactively to terminal services"
0
 
LVL 6

Expert Comment

by:raptorjb007
ID: 21856964
Any luck?
0
 
LVL 1

Expert Comment

by:comptech_engineering
ID: 22474753
Adding Domain Users to the RDP protocol fixed this problem for me.  

Thanks raptorjb007.
0
 
LVL 2

Expert Comment

by:agrogers
ID: 25297249
Problem was solved for me by adding the Domain User to the local Remote Desktop Users group.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Windows Update not working 12 114
Auto-Enrollment Group Policy 2 43
sccm client without collection 1 39
Windows Server Backup for Exchange incremental 15 48
I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found here: http://www.experts-exchang…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now