Having issues with allowing a normal user remote desktop connection to domain controller.

Posted on 2009-02-17
Medium Priority
Last Modified: 2013-11-21
When attempting to logon Terminal Services running on a DC, I receive this message: "To log on this remote computer, you must be granted the Allow log on through Terminal Services right.  By default, members of the Remote Desktop Users group have this right.  If you are not a member of the Remote Desktop Users group or another group that has this right, or if the Remote Desktop User Group does not have this right, you must be granted this right manually."

Now I have tried several solutions:

- Assigning the user to "The Allow log on through Terminal Services" right, using local policy(gpedit.msc).
- Assign permission to use TS Configuration. Go to that, select the properties of RDP-Tcp.
- The Allow logon to terminal server check box under user properties.
- Assign the user to Access this computer from network.
- Assign the user to Allow log on locally.

It seems none of this is allowing the user to log in I was hoping someone could help with this and help me get my head around it.
Question by:mattskiver
  • 6
  • 3
LVL 57

Expert Comment

by:Pete Long
ID: 23658120
Hello mattskiver,

Your  methodology is sound? however if this is a DC what has been set in the domain controller securty policy?



Author Comment

ID: 23658170
Domain Controllers security policies have not be touched, and most remain either 'not configured' or 'not defined' well their at default values.

Accepted Solution

WeirdoBc earned 1050 total points
ID: 23658443
Most user rights for DCs are setted using the Domain Controller GPO. I'd suggest to add your users to the Remote Desktop Users group (Domain Local since your server is a DC). Also, make sure that you installed the Terminal service in Application mode.
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.


Author Comment

ID: 23658552
Administrators can log in through terminal services, it is only the users who cannot connect, the users have been added to Remote Desktop Users Group and we still proceed to having the same problem. If possible could anyone post a template of their user permissions in group policies so I can compare what we have?

Expert Comment

ID: 23658611
"Also, make sure that you installed the Terminal service in Application mode."

Author Comment

ID: 23658654
"Also, make sure that you installed the Terminal service in Application mode." We have installed this feature as adminsitrators can log in using RDC, user can not currently. It allows 2 users to RDC at any one time.

Author Comment

ID: 23679876
Thanks, the link helps but I am not sure about one thing I currently have active directory on a dc I am giving access to the user on the dc to connect through remote desktop, now the active directory is replicated onto a second server but it does not let me remote desktop in to it any ideas?

Author Comment

ID: 23735635
We are still stuck with this problem does anyone have any ideas?

Author Closing Comment

ID: 31547713
It was ts having to be in terminal service mode

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question