Re: Terminal Services (Administration mode) Security
Navigato
Date: 10/08/04
Date: Fri, 8 Oct 2004 08:51:56 -0600
Steve, thanks! I figured my first issue was the delay in replication since
the child domain is half way around the world :-) Second issue is just like
you said - If not specifically allowed the 'log on locally' user right on
the member servers the login is rejected. Since administrators have this
capability when I added the group to the administrators of the local machine
the problem was solved. (These folks will need admin access anyways).
Rock on!
"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
news:FCi9d.140637$wV.138303@attbi_s54...
> On the Windows 2000 Terminal Server add your group to the logon locally user
> right. Do that in Local Security Policy for a domain member and you would
> have to do that in Domain Controller Security Policy for domain controllers.
> Look under security settings/local policies/user rights. If the server is a
> domain controller you may want to put in a child OU to the domain
> controllers OU and then configure that user right via a GPO for that OU.
> That will prevent that group from being able to logon to all domain
> controllers locally. If you do such be sure administrators is also included
> in the logon locally user right. Keep in mind that any "deny" user right
> will override any "allow" user right and that administrators are also
> members of the users and everyone groups. If you are doing this to a non
> domain controller, be sure that the local setting equals the effective
> setting after refreshing the policy. If it does not, there is a domain/OU
> policy overriding the local policy. --- Steve
>
>
> <Navigato> wrote in message news:uooq4iJrEHA.1152@TK2MSFTNGP11.phx.gbl...
> > I have an AD group 'RDPaccess' consisting of users from two domains: the
> > local domain and its parent domain. I have added this group with full
> > access to the RDP connection in the Terminal Services Configuration
> > application on the Win2K server.
> >
> > Using the remote desktop client:
> > Attempting to log in as a non-administrative user from the parent domain I
> > get the error 'You do not have permissions to log onto this session'. I
> > then added the RDPaccess group to the local machine administrators group
> > (just to see if the situation didn't improve) no dice.
> >
> > I can however log onto the server using an administrative login from the
> > parent domain, and a non-administrative login (still a member of RDPaccess)
> > in the local domain.
> >
> > Am I missing something? Any suggestions?
> >
> > Thanks!
> >
> >
>
>
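
The user-right evaluation described in the quoted reply above (a "deny" right overrides an "allow" right, and a domain/OU policy replaces the local setting), as an added example that is not part of the original thread. It assumes the rights are available as security-template text with a `[Privilege Rights]` section, as `secedit /export` writes; the RDPaccess SID and all template contents are constructed.

```python
# Added example, not from the thread. SIDs and template text are constructed.
ALLOW = "SeInteractiveLogonRight"      # "Log on locally"
DENY = "SeDenyInteractiveLogonRight"   # "Deny logon locally"

def parse_privilege_rights(inf_text):
    """Return {right: set of principals} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip()] = {m.strip().lstrip("*").upper()
                                    for m in value.split(",") if m.strip()}
    return rights

def effective_rights(local, domain_policy):
    """A right defined in domain/OU policy replaces the local setting."""
    return {**local, **domain_policy}

def logon_locally_verdict(rights, token_sids):
    """Deny overrides allow; the token holds the user's SID and group SIDs."""
    token = {s.upper() for s in token_sids}
    if rights.get(DENY, set()) & token:
        return "denied"
    if rights.get(ALLOW, set()) & token:
        return "allowed"
    return "not granted"

ADMINS, USERS, EVERYONE = "S-1-5-32-544", "S-1-5-32-545", "S-1-1-0"
RDPACCESS = "S-1-5-21-1111111111-2222222222-3333333333-1105"  # constructed SID

HDR = "[Privilege Rights]\n"
LOCAL = parse_privilege_rights(f"{HDR}{ALLOW} = *{ADMINS},*{RDPACCESS}\n")
OU_POLICY = parse_privilege_rights(f"{HDR}{ALLOW} = *{ADMINS}\n")
DENY_USERS = parse_privilege_rights(f"{HDR}{ALLOW} = *{ADMINS}\n{DENY} = *{USERS}\n")

if __name__ == "__main__":
    member = {RDPACCESS, USERS, EVERYONE}   # non-admin member of RDPaccess
    admin = {ADMINS, USERS, EVERYONE}       # administrators are also in Users
    print("local only:        ", logon_locally_verdict(LOCAL, member))
    print("OU policy overrides:", logon_locally_verdict(effective_rights(LOCAL, OU_POLICY), member))
    print("deny on Users:      ", logon_locally_verdict(DENY_USERS, admin))
```

The second case is the "local setting does not equal the effective setting" situation from the reply: the group is in the local policy, but the overriding policy's list does not include it.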