Dcpromo and terminal server

I have a terminal server that I want to add as an additional domain controller (for backup purposes). When I go to run dcpromo I get the following message:

Terminal Server is installed on this computer. Installing Active Directory on this computer will change security policy on this computer so that only Administrators will be able to log on to the computer. This is done to secure access to the computer. If you wish to allow other users to log on to this computer with Terminal Server, you will need to change the security settings in Group Policy after Active Directory has been installed.


What setting(s) in Group Policy do I need to change to allow for normal terminal server access?

P.S. I know that it is not recommended to have domain controller on the terminal server, but this is my task :)
goliveukAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

abdulalikhanCommented:
Just change the Domain Controller Policy and allow logon to terminal services for the required user/group.
abdulalikhanCommented:
If this is a 2008 Domain Controller, Go to Administrative tools - Local Security Policy; Go to local Policies - User Rights Assignment - Allow Logon through remote desktop services and add the required users/group.
abdulalikhanCommented:
If this did not work, Open Group Policy Management Editor and Go to domain controller OU expanding it will show you 'Default Domain Controllers Policy' open the policy for editing and go to Computer Configuration - Policies - Windows Settings - Security Settings - User Rights Assignment and define 'Allow Logon through Remote Desktop Services'

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Brian PiercePhotographerCommented:
Its NEVER a good idea to have TS on a DC. It just throws security out of the of the door

I would question your 'task' and ask the taskmaster if they really way a DC with no security.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.