Solved

RDP serial port problems W2008R2 AD controller and TS server

Posted on 2013-11-04
Last Modified: 2013-11-20
Hello,

First of all, let me start by saying this is a client machine and we have already reiterated many times that allowing regular users to connect to their AD controller to run applications is a horrendously bad idea and violates several security and configuration recommendations.

That said, the client insists on doing it anyway, so here is my question:

When running their application from a local logon on the console they can access a serial device. When running the application through RDP and attempting to run the same application using a redirected client serial port, the application cannot operate the serial device.

The port is redirecting properly, we see it with change port /query and the configuration of rdp-tcp and the specific policies for device redirection are all correct for allowing this to work.

Under R2 I can replicate the error on a non-domain controller, and it goes away when the user is added to the local administrators group of the server. Unfortunately there is no local group on an AD controller, and adding them to the domain admins group does not make this work. This gives me the impression that it is a default User Access policy issue (UAC itself is disabled in both cases to prevent token filtering issues).

Are there any specific user access permissions affecting the serial ports in GPedit?

Thanks in advance.
Question by:bigdug
Expert Comment

by:asavener
ID: 39644532
This doesn't directly answer that question, but have you tried adding the users to the Server Operators group?
Accepted Solution

by:asavener
ID: 39644536
http://technet.microsoft.com/en-us/library/cc725887%28v=ws.10%29.aspx

Computer Configuration\Policies\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Device and Resource Redirection

 Do not allow COM port redirection
      

This policy setting allows you to specify whether to prevent the redirection of data to client COM ports from the remote computer in a Terminal Services session.

You can use this policy setting to prevent users from redirecting data to COM port peripherals or mapping local COM ports while they are logged on to a Terminal Services session. By default, Terminal Services allows this COM port redirection.

If you enable this policy setting, users cannot redirect server data to the local COM port.

If you disable this policy setting, Terminal Services always allows COM port redirection.

If you do not configure this policy setting, COM port redirection is not specified at the Group Policy level. However, an administrator can still disable COM port redirection by using the Terminal Services Configuration tool.
      

At least Windows XP Professional or Windows Server 2003
Author Closing Comment

by:bigdug
ID: 39663918
It turned out to be a combination of two things. The first was this policy, and the second was that one of the helpful users had re-enabled UAC. Not sure which of the two caused this odd behaviour but changed both and it stopped. The odd part was seeing it in portQry, that makes me think UAC was the main issue. I believe if the policy was taking effect it would not map at all. Too many cooks in the kitchen with this problem I'm afraid.
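
A read-only check of the two settings this thread ended up changing, added here as an example and not part of any post above: it reports the "Do not allow COM port redirection" policy, the RDP-Tcp listener's own COM port setting, and whether UAC is on. The registry locations are not quoted in the thread (they are the values that back these settings), and the function names are hypothetical.

```powershell
# Added example: reads settings only, changes nothing. Written to run on
# PowerShell 2.0 (Windows Server 2008 R2) from an elevated prompt on the session host.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { return $item.$Name }
    return $null   # value (or key) not present
}

function Get-ComRedirectionState {
    # Value written by the "Do not allow COM port redirection" policy
    $policyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    # Per-listener setting (Terminal Services Configuration, rdp-tcp properties)
    $listenerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    # UAC switch: 1 = on (administrator tokens are filtered), 0 = off
    $uacKey      = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

    $policy   = Get-RegValue $policyKey   'fDisableCcm'
    $listener = Get-RegValue $listenerKey 'fDisableCcm'
    $uac      = Get-RegValue $uacKey      'EnableLUA'

    if     ($policy -eq 1) { $policyText = 'Enabled (COM redirection blocked)' }
    elseif ($policy -eq 0) { $policyText = 'Disabled (COM redirection always allowed)' }
    else                   { $policyText = 'Not configured (listener setting applies)' }

    # A configured policy overrides the listener; otherwise the listener decides.
    if ($policy -ne $null) { $effective = $policy } else { $effective = $listener }

    New-Object PSObject -Property @{
        PolicySetting         = $policyText
        ListenerBlocksComPort = ($listener -eq 1)
        RedirectionBlocked    = ($effective -eq 1)
        UacEnabled            = ($uac -eq 1)
    }
}

Get-ComRedirectionState | Format-List
```

If `RedirectionBlocked` is False and the port still shows in `change port /query` but the application cannot open it, `UacEnabled` is the remaining setting from this thread to compare against the working configuration.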