Re: XP Security Policy issue with Remote Login

From: Dusko Savatovic (savatovic.removespam_at_hotmail.com)
Date: 06/17/04 

Date: Thu, 17 Jun 2004 16:43:14 +0200

A-ha.

Dave,

I think you are now trying to connect to disconnected session, not logged out session. Go back and log on as admin. Then log off, don't just disconnect.

Dusko Savatovic

  "Dave Leonardi" <cyberfrost100@yahoo.com> wrote in message news:ujxQMUHVEHA.584@TK2MSFTNGP09.phx.gbl...
  Dusko,

      I see your point. I am trying to connect from a Win XP Machine to another Win XP Machine via remote desktop, and that's when I get my error. I added Domain Users to the Default Domain Policy "Allow Log on through Terminal Services" and now it attempts to log me on only to return another error, which is as follows: You do not have access to logon to this session. We're getting there, but it still won't let me connect. Thanks for the hint. I'm already using GPMC and ,by the way, is a great tool.

                                                                                   Dave
    "Dusko Savatovic" <savatovic.removespam@hotmail.com> wrote in message news:e8WTM6GVEHA.2388@TK2MSFTNGP09.phx.gbl...
    Dave,
    Try to define "Allow log on through Terminal Services
    I also don't quite understand what you are trying to achieve:
    a) use remotedesktop to connect to domain controller
    b) use remotedesktop to connect to another server in domain
    c) use remotedesktop to connect to another WinXP

    The reason I'm asking is because it affects where you set this policy.
    If you set this policy in domain controllers policy, then this policy will be applied only to domain controllers that live in "Domain Controllers" container in Active Directory.

    If your answer is c) above, then you need to define policy in diferrent container. You can do it at the top (Domain1) ie change domain policy, or you can:
    a) create OU
    b) move XP computer from "Computers" container to your OU
    c) create and link policy to your OU

    Hint. If your DC is WS2k3, download and install Group Policy Management Console (GPMC). You can download it from Microsoft web site.

    Dusko Savatovic

      Policy Policy Setting
      Policy Policy Setting
      Access this computer from the network Administrators,Everyone,Domain1\IUSR_HERA,Domain1\IWAM_HERA,Domain1\IWAM_TEST
      Act as part of the operating system Domain1\SWSDAdmin,Domain1\exchange,Domain1\ExecSvc
      Add workstations to domain Domain1\GHOST_LIBRARY1,Authenticated Users
      Adjust memory quotas for a process Domain1\IWAM_HERA,Administrators
      Allow log on locally Domain1\TsInternetUser,Domain1\IWAM_TEST,Domain1\IUSR_TEST,Domain1\IUSR_HERA,Domain1\Domain Users,Server Operators,Print Operators,Everyone,SWSDAdmin,Backup Operators,Authenticated Users,Administrators,Account Operators
      Allow log on through Terminal Services Domain1\Domain Users
      Back up files and directories Administrators,Server Operators,Backup Operators
      Bypass traverse checking Everyone

Quantcast