[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 303
  • Last Modified:

RDP Rights on Windows 2000 Domain Controllers

Hi,

We have Domain controllers running on Windows Server 2000. We need to give rights to some users to login to these 2000 Domain contollers remotely.

1) Please suggest me how to delegate the rights for the users to logon to Domain controllers     remotely on Windows 2000 servers?

2) We need to provide admin rigths to some users on Windows 2000 DC'S how to do this using    Gpo?

Please suggest me how to achieve this? This is very urgent for us.

Thanks in Advance.
0
gaddam01
Asked:
gaddam01
  • 3
  • 2
  • 2
  • +1
1 Solution
 
Darius GhassemCommented:
If a user has Terminal Service access to the Domain Controllers then they can access the DC pretty as an Admin. You need to only give Admins the rights to logon through Terminal Services.

http://support.microsoft.com/kb/232057
0
 
gaddam01Author Commented:
As we are talking about Domain Controllers there is no concept of called users and groups on DC's. I don't think the above link will applicable to Domain Controllers.
0
 
Darius GhassemCommented:
Correct you would need to do this in Active Directory but the steps are the same
0
Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.

 
gaddam01Author Commented:
Please provide how to do this in Active Directory 2000? Please check and provide the steps to me.
0
 
SandeshdubeyCommented:
You need to add the domain user to allow logon locally and also to to logon through Terminal Services right in Default Domain Controller Policy to allow them to login to DC.

Reference link:
http://www.pctips3000.com/how-to-enable-a-domain-user-to-log-on-locally-on-the-domain-controller-in-windows-server-2003/

I personally will not recommend to allow user to login to DC as simple mistake by them can lead to big headache is there any specific reason why you want to allow user to logon to DC

0
 
abhijitwaikarCommented:
1) Please suggest me how to delegate the rights for the users to logon to Domain controllers  remotely on Windows 2000 servers?
You need to configure Terminal services on windows 2000, In windows 2000 2 mode are available for remote access:
Remote administration - The terminal server may be remotely managed, but applications cannot be run remotely.
Application server - The terminal server may be remotely managed, and applications can be run remotely.

Refer below KB articles:
How To Install Terminal Services in Application Server Mode in Windows 2000
http://support.microsoft.com/kb/306626

HOW TO: Install Terminal Services in Remote Administration Mode in Windows 2000
http://support.microsoft.com/kb/306624

Windows 2000 Terminal Services
http://www.comptechdoc.org/os/windows/win2k/win2kterminal.html
0
 
gaddam01Author Commented:
how to configure the Gpo "login through terminal services" on Windows server 2000?
0
 
SandeshdubeyCommented:
You will get the the option in Default Domain Controller policy -Computer Configuration -Windows Settings" ->Security Settings->Local Policies -> "User Rights Assignment -> "Allow logon
through Terminal Services
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

  • 3
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now