Re: Deny Logon through Terminal Services Issue

If I recall correctly the user rights to log on via TS or to deny the same
did not exist in W2k. In W2k one needed local logon user right to log
on via TS. Evidently the W2k you have is attempting to implement this
XP and later policy as best it can using the user right that it does have.
If you want to exert that control over W2k, instead of using the user
rights you are attempting to utilize, use the Permissions tab in the
properties
of the RDP connectoid shown in the right panel when you are in the Terminal
Services Configuration MMC tool. There you can state what groups are
allowed, and at what level of access, the use of a TS login.


"Scottie D" <sdavis821@xxxxxxxxx> wrote in message
news:1156265364.743072.305290@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Network Background:
Windows 2003 SP1 Server Environment

Issue:
I set the "Deny log on through Terminal Services" from 'Not Defined'
to 'Guests'. After I made this change a user was unable to logon
locally to a Windows 2000 SP4 machine, the error message read 'Local
policy of this system does not permit you to login interactively'.

I logged on locally as administrator - successful
I logged onto another machine as user with issue - successful
Determines its a machine security issue.

After playing with settings I reviewed my security changes and changed
the "Deny log on through Terminal Services" back to 'Not Defined'.
User with issue can now logon.

User should be logging on locally not with Terminal Services, is this
a known issue with Windows 2000?

I know the issue is solved but i would like to deny 'guests' log on
through terminal services, but I am unable to add that setting without
taking away that users access locally.



.

Relevant Pages

  • Re: Threat vector of running a service using a domain account
    ... so I would edit the group policy that is linked to my domain. ... Deny access to this computer from the network ... Deny logon through Terminal Services ... normally I deny access to this computer from the network, deny logon on locally and deny logon through terminal services. ...
    (Security-Basics)
  • Re: Lockdown remote user but not local login
    ... Under user account's Terminal Services Profile, there is a per-user property "Deny this user permissions to logon to Terminal Server": ...
    (microsoft.public.windows.terminal_services)
  • Disabling Terminal Service access by default
    ... When I add users to a Windows 2000 server, they are granted Terminal Service ... How do I deny them access by default. ... Recently I've been using the ADDUSERS tool from the resource kit, ... I don't have the ability to define Terminal Services ...
    (Focus-Microsoft)
  • Re: How to make Forth interesting?
    ... trying to deny that I wrote and distributed lots of software ... I think GUI is a good example. ... Humm, Windows Forth ... to the flash files etc. to create flash images for the target ...
    (comp.lang.forth)
  • Re: (OT:) If the Earth is heating up, why am I freezing my @$$ off?
    ... None of us can deny the Glaciers in Illinois melted before any greenhouse ... notice they aren't the least bit concerned about pollution in China, India, ... I would have to at least roll the windows down and still ...
    (alt.autos.toyota)