Users connecting from Remote Web Workplace

We have users who are trying to connect from home to their computers at work using the Remote Web Workplace portal in SBS2008.  When they connect they get this error:

To log on to this remote computer, you must be granted the Allow log on through Terminal Services right. Be default, members of the Remote Desktop Users group have this right. If you are not a member of the Remote Desktop Users group or another group that has this right, or if the Remote Desktop Users group does not have this right, you must be granted this right manually.


We have given them access to their machine as it shows up when they login and they get asked for credentials but then they get this error.

What do I need to do to get them to remote in?
maximus7569Asked:
Who is Participating?
 
Rob WilliamsConnect With a Mentor Commented:
I would first try updating the user roles. In the SBS console go to users and groups | users | on the right select "change user role for user accounts" | select the role and add the users, complete the wizard. This will update there permissions and rights within the SBS 2008 domain that may not have been carried forward from the 2003 domain.

Based on your comments I assume you have granted them access under User propertes | remote access, And also under User properties Web sites, in the SBS console?
0
 
Gary ColtharpSr. Systems EngineerCommented:
We use a group policy setting in a custom GPO.....

Computer Configuration, Administrative Templates, Windows Components, Remote Desktop Services, Remote Desktop Sessions, Connections: Allow users to connect remotely using Remote Desktop Services...set to enabled.

Run GPUPDATE on server
Run GPUPDATE /FORCE on workstation and reboot.
0
 
maximus7569Author Commented:
Should it not work without creating a custom GPO?  I am just going on the SBS thinking.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
Gary ColtharpSr. Systems EngineerCommented:
Not necessarily... it all depends on how the domain came in to existence, whether it was a virgin config or a migration.

It could be that your computers are not in the correct OU from a migration to have the settings implied by SBS 2011 policy.

Forcing a new GPO is removable, you can select all domain computers as the target and the user remote policy will control who can access what.

0
 
maximus7569Author Commented:
Ah yes this was a domain migration and I have noticed that is really the only hiccup we are seeing.  Everything went well.

So it would be better to create this GPO?
0
 
Gary ColtharpSr. Systems EngineerCommented:
Yes, that way you dont have to move computer accounts around in AD...
0
 
maximus7569Author Commented:
Ok I will try that. Thanks.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.