Solved

To log onto this remote computer, you must be granted the Allow Log on through Terminal Services Right....

Posted on 2008-06-18
9
32,469 Views
Last Modified: 2013-11-21
When I try to log onto a terminal server as a user it gives me the following error,   To log onto this remote computer, you must be granted the Allow Log on through Terminal Services Right....etc.    I have this user added as a remote desktop user on the domain controller and on the terminal server in question.  If I make the user a domain admin then they are able to log on but we do not want them to have these rights.  We have also made sure the Remote Desktop User group has the rights to log on using Terminal Services.  Any siggestions?
0
Comment
Question by:johnpatbullock
9 Comments
 
LVL 6

Expert Comment

by:raptorjb007
ID: 21814439
Add the domain "Remote Desktop users" group to the Terminal Server's local "Remote Desktop users" group. The local group has permissions to the RDP protocol by default. This configuration will allow you to manage which users can connect using the domain security group going forward.

If the terminal server is a DC there may be additional steps, if this is the case let me know.
0
 

Author Comment

by:johnpatbullock
ID: 21816517
This has been added and it still will not let me log on.  The terminal server is not the DC.
0
 
LVL 6

Accepted Solution

by:
raptorjb007 earned 250 total points
ID: 21816745
There are a few places that need to be configured properly for TS to work.

1) The "allow logon through terminal services" right must be assigned to the user or group in question. This can be done through group policy or local policy. By default, remote desktop users is granted this right locally, you can do the same with a domain policy for good group organization.

2) Permissions to the RDP protocol must be added in (admin tools->Terminal services config->connections->RDP-tcp properties->Permissions). Usually remote desktop users is already listed but you may have to add it.

3) The "HKLM\system\currentcontrolset\control\terminal server\fDenyTSConnections" dword must be set to "0". This can also be accessed by right clicking "my computer" and choose properties, go to the "remote" tab, and check the box for "enable remote desktop on this computer.

Typically, I add "authenticated users" to the local remote desktop group, then grant remote desktop users permissions to the RDP-tcp protocol. I then grant the "allow logon through terminal services" right via group policy to the terminal server(locally or domain) to "authenticated users". This method allows all users to logon, you would have to use a security group if you only want to grant specific users access.

You can define the permissions for the user's/groups however you want. It is usually easiest to add the users you wish to allow to the domain group "remote desktop users", add the domain group to the local "remote desktop users" on the server for good measure, then reference the domain group in RDP permissions and the "allow logon.." policy setting.

Let me know if this helps.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 38

Assisted Solution

by:ChiefIT
ChiefIT earned 250 total points
ID: 21819456
Assuming this has never worked before, you have to manually configure RDP to allow log on.

Right click the "my compuer" icon> select "properties">> select the remote tab. In the middle of that tab you need to enable the checkbox that says something like "allow users to connect to this computer remotely" (By default, the only one with permissions is the domain administrator). To add other folks click the "select remote users" tab.

A group or local policy will deny you from logging onto Terminal services and RDP. But, the error is a little bit different. It will usually say something like "a local (or group policy) is preventing you from logging on interactively to terminal services"
0
 
LVL 6

Expert Comment

by:raptorjb007
ID: 21856964
Any luck?
0
 
LVL 1

Expert Comment

by:comptech_engineering
ID: 22474753
Adding Domain Users to the RDP protocol fixed this problem for me.  

Thanks raptorjb007.
0
 
LVL 2

Expert Comment

by:agrogers
ID: 25297249
Problem was solved for me by adding the Domain User to the local Remote Desktop Users group.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question