grant remote desktop to AD as account operator

Posted on 2011-10-05
Medium Priority
Last Modified: 2012-08-13
Hellow experts,

I want to grant remote desktop to our AD server, but just as an account operater, how to do that.
I have given remote desktop right to that user, but still can't login, the error message is no permission.

Question by:uknet80

Accepted Solution

expert02232010 earned 500 total points
ID: 36917086
you must also give that user logon rights to the server.

Expert Comment

ID: 36917149
open. Administrative Tools, Domain Security Policy.
Local Policies
User Rights assignment
Alow log on locally:  add the selected user (must also have Administrators group in there)

there are some warnings in kb823659
LVL 39

Assisted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 1000 total points
ID: 36917158
Can you tell me why? You can install "Administrative Tools" or "Remote Server Administrative Tools" on users workstation and give them possibility to use apporpriate consoles to manage AD (before that you need to delegate control to AD functions for them)

And they don't need to log on to DC. That's for security reason

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Assisted Solution

by:Sushant Gulati
Sushant Gulati earned 500 total points
ID: 36917767
I agree with iSeik. By propagating the rights to the account operators is a breach of a security. You are giving access to the Domain Controller to Allow Logon Locally.

This should only be controlled by the Domain Admins. I personally should not go ahead and give the rights unless the person knows how to operate the Active Directory and the person should be reliable. Don't delegate the control like this.

Good Luck..!!

Author Comment

ID: 36923972
can you tell me where to get Administrative Tool in install in windows 7.

LVL 39

Assisted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 1000 total points
ID: 36923996

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
A hard and fast method for reducing Active Directory Administrators members.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question