Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Dcpromo and terminal server

Posted on 2012-03-20
4
Medium Priority
?
990 Views
Last Modified: 2012-04-04
I have a terminal server that I want to add as an additional domain controller (for backup purposes). When I go to run dcpromo I get the following message:

Terminal Server is installed on this computer. Installing Active Directory on this computer will change security policy on this computer so that only Administrators will be able to log on to the computer. This is done to secure access to the computer. If you wish to allow other users to log on to this computer with Terminal Server, you will need to change the security settings in Group Policy after Active Directory has been installed.


What setting(s) in Group Policy do I need to change to allow for normal terminal server access?

P.S. I know that it is not recommended to have domain controller on the terminal server, but this is my task :)
0
Comment
Question by:goliveuk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 7

Expert Comment

by:abdulalikhan
ID: 37741132
Just change the Domain Controller Policy and allow logon to terminal services for the required user/group.
0
 
LVL 7

Expert Comment

by:abdulalikhan
ID: 37741146
If this is a 2008 Domain Controller, Go to Administrative tools - Local Security Policy; Go to local Policies - User Rights Assignment - Allow Logon through remote desktop services and add the required users/group.
0
 
LVL 7

Accepted Solution

by:
abdulalikhan earned 2000 total points
ID: 37741155
If this did not work, Open Group Policy Management Editor and Go to domain controller OU expanding it will show you 'Default Domain Controllers Policy' open the policy for editing and go to Computer Configuration - Policies - Windows Settings - Security Settings - User Rights Assignment and define 'Allow Logon through Remote Desktop Services'
0
 
LVL 70

Expert Comment

by:KCTS
ID: 37741406
Its NEVER a good idea to have TS on a DC. It just throws security out of the of the door

I would question your 'task' and ask the taskmaster if they really way a DC with no security.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Let's recap what we learned from yesterday's Skyport Systems webinar.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question