group policy for windows 2003 domain controller

Posted on 2012-09-06
Last Modified: 2012-09-28
wanted to find out how to set up a group policy on a windows 2003 domain controller that would allow certain users to access it through terminal services.  Currently, 2 users are able to access it and i can view them as having local profiles on this server but for some reason a previous user whose profile got corrupted can no longer access it through remote desktop session.  I was told that on a domain controller there is no way to add local users and have to do this using active directory users and computers.  Which is the correct way to add users to enable them to access this server through terminal services since when i tried using gpedit.msc the option to add users in terminal services is grayed out.  thanks.
Question by:dankyle67
    LVL 70

    Expert Comment

    Win2003 Server allows 2 remote connections for ADMIN purposes. If you want more remote users and for them to maintain their own profiles you will need to install Terminal Services and buy licences. That said, its NOT a good idea to install Terminal Services on a DC as its a huge secirity risk - MS discourage it - and even prevent it on SBS servers.
    LVL 23

    Assisted Solution

    by:Nagendra Pratap Singh
    You can see all profiles and actually rename delete the suspect profile under

    c:\documents and settings.

    That is all you need to do.

    Author Comment

    For some reason the user is not showing up under c:\documents and settings which reason i am having problem since i cannot delete it then cannot recreate user profile.  This is why i am trying to find out if there is a domain policy that is restricting access for this particular user.  This is a terminal server and am aware of the security issues relating to having it on a domain controller.  We are planning to demote it to a member server down the road but for now, this user needs access remotely.  Also, we have plenty of licenses for terminal server.
    LVL 18

    Accepted Solution


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Enabling OSINT in Activity Based Intelligence

    Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

    Mapping Drives using Group policy preferences Are you still using old scripts to map your network drives if so this article will show you how to get away for old scripts and move toward Group Policy Preference for mapping them. First things f…
    At the beginning of the year, the IT world was taken hostage by the shareholders of LogMeIn. Their free product, which had been free for ten years, all of the sudden became a "pay" product. Now, I am the first person who will say that software maker…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now