[Last Call] Learn how to a build a cloud-first strategyRegister Now


group policy for windows 2003 domain controller

Posted on 2012-09-06
Medium Priority
Last Modified: 2012-09-28
wanted to find out how to set up a group policy on a windows 2003 domain controller that would allow certain users to access it through terminal services.  Currently, 2 users are able to access it and i can view them as having local profiles on this server but for some reason a previous user whose profile got corrupted can no longer access it through remote desktop session.  I was told that on a domain controller there is no way to add local users and have to do this using active directory users and computers.  Which is the correct way to add users to enable them to access this server through terminal services since when i tried using gpedit.msc the option to add users in terminal services is grayed out.  thanks.
Question by:dankyle67
LVL 70

Expert Comment

ID: 38372634
Win2003 Server allows 2 remote connections for ADMIN purposes. If you want more remote users and for them to maintain their own profiles you will need to install Terminal Services and buy licences. That said, its NOT a good idea to install Terminal Services on a DC as its a huge secirity risk - MS discourage it - and even prevent it on SBS servers.
LVL 24

Assisted Solution

by:Nagendra Pratap Singh
Nagendra Pratap Singh earned 1000 total points
ID: 38373517
You can see all profiles and actually rename delete the suspect profile under

c:\documents and settings.

That is all you need to do.

Author Comment

ID: 38373588
For some reason the user is not showing up under c:\documents and settings which reason i am having problem since i cannot delete it then cannot recreate user profile.  This is why i am trying to find out if there is a domain policy that is restricting access for this particular user.  This is a terminal server and am aware of the security issues relating to having it on a domain controller.  We are planning to demote it to a member server down the road but for now, this user needs access remotely.  Also, we have plenty of licenses for terminal server.
LVL 18

Accepted Solution

Sarang Tinguria earned 1000 total points
ID: 38373668

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question