RDP Rights on Windows 2000 Domain Controllers


We have Domain controllers running on Windows Server 2000. We need to give rights to some users to login to these 2000 Domain contollers remotely.

1) Please suggest me how to delegate the rights for the users to logon to Domain controllers     remotely on Windows 2000 servers?

2) We need to provide admin rigths to some users on Windows 2000 DC'S how to do this using    Gpo?

Please suggest me how to achieve this? This is very urgent for us.

Thanks in Advance.
Who is Participating?
abhijitwaikarConnect With a Mentor Commented:
1) Please suggest me how to delegate the rights for the users to logon to Domain controllers  remotely on Windows 2000 servers?
You need to configure Terminal services on windows 2000, In windows 2000 2 mode are available for remote access:
Remote administration - The terminal server may be remotely managed, but applications cannot be run remotely.
Application server - The terminal server may be remotely managed, and applications can be run remotely.

Refer below KB articles:
How To Install Terminal Services in Application Server Mode in Windows 2000

HOW TO: Install Terminal Services in Remote Administration Mode in Windows 2000

Windows 2000 Terminal Services
Darius GhassemCommented:
If a user has Terminal Service access to the Domain Controllers then they can access the DC pretty as an Admin. You need to only give Admins the rights to logon through Terminal Services.

gaddam01Author Commented:
As we are talking about Domain Controllers there is no concept of called users and groups on DC's. I don't think the above link will applicable to Domain Controllers.
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Darius GhassemCommented:
Correct you would need to do this in Active Directory but the steps are the same
gaddam01Author Commented:
Please provide how to do this in Active Directory 2000? Please check and provide the steps to me.
SandeshdubeySenior Server EngineerCommented:
You need to add the domain user to allow logon locally and also to to logon through Terminal Services right in Default Domain Controller Policy to allow them to login to DC.

Reference link:

I personally will not recommend to allow user to login to DC as simple mistake by them can lead to big headache is there any specific reason why you want to allow user to logon to DC

gaddam01Author Commented:
how to configure the Gpo "login through terminal services" on Windows server 2000?
SandeshdubeySenior Server EngineerCommented:
You will get the the option in Default Domain Controller policy -Computer Configuration -Windows Settings" ->Security Settings->Local Policies -> "User Rights Assignment -> "Allow logon
through Terminal Services
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.