How do I grant TS access without giving users admin privileges?
Posted on 2009-02-24
We have three new servers: a domain controller, a terminal server, and a
file/app server that is a secondary domain controller.
We are still running using the old servers and I'm in the process of trying
to get everything setup on the new servers before we switch everyone over.
I'm almost at the point where I want to just have management bring in
someone to do this at be done with it. But I'm trying to do it on my own
for 1) my own personal satisfaction to know that I can do it, and 2)
management would be much more impressed and happy if we don't have to pay
for someone else to do it.
I have setup the domain and added all of the user accounts. I've created a
group policy that routes the users My Documents folder to a network share
(and creates it if it doesn't exist). I've made the file/app server the
secondary domain controller and joined the terminal server to the domain. I
have went through the steps to install terminal services and the licenses on
the terminal server. I have installed the anti-virus on the file/app server
and used it to push it out to both the other servers and my PC (which I have
joined to the domain).
We have a new employee starting Thursday and I've been trying to set him up
on the domain to start with so I won't have to move him over. He is my
first test case that doesn't have admin priviledges. I created his account
on the domain controller and added him to the "Remote Desktop Users" group.
But when I try to logon as him to the terminal server it says he doesnt have
access to log on remotely. I then created a group called "Remote Users" and
added all users to that group. Then I added that group to the "Remote
Desktop Users" group on the Terminal Server (under Local Accounts). This
worked but when I log on as this user, he has admin privileges (including
the option to "shut down the server").
What am I doing wrong? How can I give users access to the Terminal Server