okamon

How to share an application using Windows 2003 Terminal Server?

I am not sure how to set up the Windows 2003 terminal server to share an application. I saw this article, but it didn't really show it. http://www.windowsnetworking.com/articles_tutorials/Windows_2003_Terminal_Services_Part1.html

How does this actually work? Is it like I create a shortcut from the server and I can use it and save my own user settings as if it were installed locally? Can anyone provide a clear step-by-step setup guide?
ry_berk

Go to C:\, then Documents and Settings, then All Users, and put a shortcut on the desktop there.

This will have the program readily available for anyone that logs into the TS.
okamon

ASKER

You get the shortcut from where? From the server?
You don't need to use the RDP client to connect to the server?
ASKER CERTIFIED SOLUTION
DrDave242
okamon

ASKER

I think you missed my last question. Regardless of the installation, how does the user access the application? Do they need to RDP to the server and use the application there?
Yes. They need to be on the network or connected via VPN. Then RDP or VNC to the server and log in to utilize TS.
okamon

ASKER

What?! Even if I don't install Terminal Server, I can still use the RDP client to connect to the server and use all applications. What's the difference?
okamon

ASKER

I see... But it sounds that a practical solution for end users. When they need to use an Office application, e.g. Word, they have to open up the RDP client, connect to the terminal server, use Word on the server and save files on that server. And if they need to send that Word document by email, they have to go back to their desktop, fire up Outlook, and look for the Word document they created on the server. And if the location where they saved the file is not shared, they don't have access to the file... Sounds very impractical.
okamon

ASKER

By the way, I just installed TS on my DC. I know it usually would not be installed on a DC; it's my lab. I didn't install the license server at this time. I added one user to the remote desktop GP, but when I tried to access the server from a client PC, why do I still get denied access?
What's the exact error that you get when you try to log on?
Users can also set up their emails on a TS profile. That way their machine is just a dummy machine. That's the way you would work around that.

okamon

ASKER

here
rdp.jpg
okamon

ASKER

It's working now! Do you think it's because this is a DC, that's why I need to do that? If I install TS on a member server, do I still need to do this, or just simply add the user to the remote desktop GP?

And how can I install the application? Can I just install as usual, or do I need to perform extra steps?
okamon

ASKER

And one more thing I noticed: the user can view everything on the DC, all folders, files, AD settings...
Do I have control over that?
That's one of the reasons why it's not a good idea to install Terminal Server on a DC - you end up allowing your TS users to effectively log on locally to the DC.  They don't have administrative rights (unless you explicitly give them admin rights), so they shouldn't be able to do too much damage, but it's still a security hole.

As far as installing TS on a member server, I don't recall whether that automatically grants the "Log on through Terminal Services" user right to anyone, so you'll want to check it to make sure.  In any case, you won't be checking the Domain Controller Security Policy, since it won't be installed on a DC - you'll need to check the policy for whatever OU that member server occupies.
okamon

ASKER

Thank you!! And how can I install the application? Can I just install as usual (like double-clicking the exe file), or do I need to perform extra steps?
Make sure to change to install mode with "change user /install" first, and then you can install normally - by double-clicking setup.exe or whatever the app requires.  Then don't forget to change back to execute mode with "change user /execute" after the installation completes.
okamon

ASKER

"Make sure to change to install mode with "change user /install" first"
In CMD? Or right-click on the app?
At a command prompt.
okamon

ASKER

So you mean I type "change user /install" in CMD and then double-click on any file?
And after the installation is done, I type "change user /execute" again in CMD?
Correct.
okamon

ASKER

Thank you so much for your time!! Something just happened to me unexpectedly. After I rebooted my DC, the domain admin is no longer able to access it remotely!! But physical access is fine... What happened?
Not sure.  Are you getting the same error as before, or a different one?
okamon

ASKER

Same. I think TS modified something.
Yep, it must have.  Check that user right in the DC Security Policy again, and check the membership of the Remote Desktop Users group as well (unless you're using a different group, obviously).
okamon

ASKER

By default, the remote desktop group contains which group? Mine has none there, but in the remote desktop settings of the computer's system properties, it shows "administrators already have access".
okamon

ASKER

I also checked the DC user rights: under "Allow logon locally", administrators is already in the list.

Plus, the administrator already has access to remote desktop. I cannot think of why this happened.
I don't think Remote Desktop Users contains anything by default - at least, it's empty on a 2003 DC I have here.  "Allow logon locally" may be populated, but how about "Allow logon through Terminal Services?"
okamon

ASKER

It's "not defined".
Define it and add Remote Desktop Users to it.
okamon

ASKER

I just added the domain admin account to the "remote desktop users" in system properties.
It works! But it should not be like this. I believe if you check your DC, you don't have any admin account in the list, but you can still access it with the RDP client.
okamon

ASKER

And I also found out that TS really screwed up my DC. I just uninstalled TS to see if it's better, but it's not.

I added domain users to "remote desktop users" in system properties, and they can just RDP to my DC.
okamon

ASKER

In your user rights, under "Allow logon locally", what do you have there?
What's screwed up on the DC at the moment, now that TS has been removed?
On my DC, "Allow logon locally" is assigned to Account Operators, Administrators, Backup Operators, Print Operators, and Server Operators.
okamon

ASKER

I have them as well, plus domain\IUSR_DC1. No idea what this is.

Yes, I uninstalled TS. But nothing changed.
The IUSR account is used for anonymous web access.  You must have IIS installed on that DC.
To clarify my earlier question, what's not working correctly on the DC?
okamon

ASKER

The domain administrator doesn't have access to the DC via the RDP client.
I will assign you the points now, since you already answered my question. If you have time, please help me to fix this extra issue. Thank you for your time!!!
Go to My Computer Properties and look in the Remote tab.  Make sure the "Enable Remote Desktop" box is checked.  Removing TS has been known to disable that.
okamon

ASKER

Yes. I double-checked, and I checked it back.
One thing in the user rights: "allowed to log on through Terminal Services" -> it's "Not defined".

Probably TS changed its default setting. Where can I find out? I tried to add administrators there and it works.
Yeah, removing TS probably changed that back to "Not defined."  I don't have a DC with TS installed, so I can't verify that myself.
okamon

ASKER

In your DC, "allowed to log on through Terminal Services" -> it's not defined??? Or not?
It's "Not defined" on my DC.
okamon

ASKER

OK... so same as mine... We are not able to find out what the default for "Not defined" is???
I'm pretty sure "Not defined" is the default.  I haven't made any changes to that setting on my DC, as far as I know.
okamon

ASKER

No, I mean, even though it is "NOT DEFINED", in the root of the AD there should be a policy. So if it is "Not defined" here, then the policy propagates down. If I set something else here, it will overwrite the root setting. So I think there should be a setting in the root. Do you understand what I am trying to say?
I can verify that it's "Not defined" in both the Default Domain Policy and Default Domain Controller Policy on my server, so it is apparently not defined by default in any location.  It's simply a user right that's not assigned to anyone until you assign it.

Also, it's time for me to leave the office, so I will likely not be back on EE until Monday.
okamon

ASKER

Thank you so much for spending your valuable time with me!! Have a nice weekend.
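
Added example, not part of the original thread: the user right discussed above, "Allow log on through Terminal Services", appears as SeRemoteInteractiveLogonRight in a `secedit /export` file, and this Python script audits who holds it. The sample INF text, function names and finding messages are constructed for illustration.

```python
import re

# "Allow log on through Terminal Services" is SeRemoteInteractiveLogonRight.
RDP_RIGHT = "SeRemoteInteractiveLogonRight"
REMOTE_DESKTOP_USERS = "S-1-5-32-555"  # well-known SID of the built-in group
BROAD = {"S-1-1-0": "Everyone", "S-1-5-11": "Authenticated Users",
         "S-1-5-32-545": "Users"}
DOMAIN_USERS = re.compile(r"^S-1-5-21-\d+-\d+-\d+-513$")

# Constructed sample in the layout written by
# `secedit /export /cfg rights.inf /areas USER_RIGHTS` (not data from the thread).
SAMPLE_INF = """\
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-551,IUSR_DC1
SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555
[Version]
signature="$CHICAGO$"
"""

def parse_privilege_rights(inf_text):
    """Return {right: [principal, ...]} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for line in inf_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, value = line.partition("=")
            # SIDs are written with a leading '*'; account names are not.
            rights[name.strip()] = [p.strip().lstrip("*")
                                    for p in value.split(",") if p.strip()]
    return rights

def audit_rdp_right(rights, is_domain_controller=False):
    """Return findings about who may log on through Terminal Services."""
    holders = rights.get(RDP_RIGHT, [])
    if not holders:
        return [RDP_RIGHT + " is not assigned to any account in this export"]
    findings = []
    for principal in holders:
        if principal in BROAD or DOMAIN_USERS.match(principal):
            label = BROAD.get(principal, "Domain Users")
            findings.append("broad group holds the RDP logon right: " + label)
        elif principal == REMOTE_DESKTOP_USERS and is_domain_controller:
            findings.append("Remote Desktop Users may log on to a DC: "
                            "review its membership")
    return findings

print(audit_rdp_right(parse_privilege_rights(SAMPLE_INF), is_domain_controller=True))
```

A real export is usually UTF-16 encoded, so read it with `open(path, encoding="utf-16")` before passing the text to `parse_privilege_rights`.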