W2008R2 term.server-only administrator can log in
in [Terminal Services]
|
From: Evžen on 10 Feb 2010 17:14 Only domain administrator can log into remote desktop session, other users, even remote desktop group members - "access denied" . Terminal Server local users can log in without problems. We have not found new policy rule - all we know about W2003 did not help. Any suggestions - hope there is the 0/1 switch in the policy...? Domain controller running W2008R2, too. Thanks.
From: Bob Lin (MS-MVP) on 11 Feb 2010 16:26 For a test, if you add a domain user to the remote desktop settings>Remote desktop users, can he login? -- Bob Lin, Microsoft-MVP, MCSE & CNE Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com "Evžen" <Even(a)discussions.microsoft.com> wrote in message news:6F8E6225-C2DB-4CDB-B02C-C1CC2427A3F8(a)microsoft.com... > Only domain administrator can log into remote desktop session, other > users, > even remote desktop group members - "access denied" . Terminal Server > local > users can log in without problems. We have not found new policy rule - all > we > know about W2003 did not help. Any suggestions - hope there is the 0/1 > switch > in the policy...? Domain controller running W2008R2, too. Thanks.
From: Evžen on 12 Feb 2010 03:16 No, he cannot, we tried all possible combinations, I hope. In some cases (during setting experiments in policy), user could log in once, but more times never. We think that is R2 problem, W2008SP2 is OK in the same configuration (DC-R2 + TS-SP2), every time. It seems, that domain policy information exchange between DC and TS is not correct. "Bob Lin (MS-MVP)" wrote: > For a test, if you add a domain user to the remote desktop settings>Remote > desktop users, can he login? > > -- > Bob Lin, Microsoft-MVP, MCSE & CNE > Networking, Internet, Routing, VPN Troubleshooting on > http://www.ChicagoTech.net > How to Setup Windows, Network, VPN & Remote Access on > http://www.HowToNetworking.com > > > "Evžen" <Even(a)discussions.microsoft.com> wrote in message > news:6F8E6225-C2DB-4CDB-B02C-C1CC2427A3F8(a)microsoft.com... > > Only domain administrator can log into remote desktop session, other > > users, > > even remote desktop group members - "access denied" . Terminal Server > > local > > users can log in without problems. We have not found new policy rule - all > > we > > know about W2003 did not help. Any suggestions - hope there is the 0/1 > > switch > > in the policy...? Domain controller running W2008R2, too. Thanks. >
From: Bob Lin (MS-MVP) on 12 Feb 2010 09:00 OK, if the TS is also DC, the regular user can't logon. This page is talking about windows 2003 DC, it may work on windows 2008. You must be granted the allow log on through TS Resolutions: By default, only Administrators are allowed log on to the DC. If you want to some other users to access the DC using TS, try one or more of the ... www.chicagotech.net/RemoteAccess/ts15.htm -- Bob Lin, Microsoft-MVP, MCSE & CNE Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com "Evžen" <Even(a)discussions.microsoft.com> wrote in message news:F7F77DE9-8DAB-4266-865E-00D8AFABBE69(a)microsoft.com... > No, he cannot, we tried all possible combinations, I hope. In some cases > (during setting experiments in policy), user could log in once, but more > times never. We think that is R2 problem, W2008SP2 is OK in the same > configuration (DC-R2 + TS-SP2), every time. It seems, that domain policy > information exchange between DC and TS is not correct. > > "Bob Lin (MS-MVP)" wrote: > >> For a test, if you add a domain user to the remote desktop >> settings>Remote >> desktop users, can he login? >> >> -- >> Bob Lin, Microsoft-MVP, MCSE & CNE >> Networking, Internet, Routing, VPN Troubleshooting on >> http://www.ChicagoTech.net >> How to Setup Windows, Network, VPN & Remote Access on >> http://www.HowToNetworking.com >> >> >> "Evžen" <Even(a)discussions.microsoft.com> wrote in message >> news:6F8E6225-C2DB-4CDB-B02C-C1CC2427A3F8(a)microsoft.com... >> > Only domain administrator can log into remote desktop session, other >> > users, >> > even remote desktop group members - "access denied" . Terminal Server >> > local >> > users can log in without problems. We have not found new policy rule - >> > all >> > we >> > know about W2003 did not help. Any suggestions - hope there is the 0/1 >> > switch >> > in the policy...? Domain controller running W2008R2, too. Thanks. >>
From: Evžen on 12 Feb 2010 12:58 But TS is not the same machine as DC - we have one PDC (2008R2) and another server TS (2008R2), nothing else in the network at the time. When authentificating local user into the TServer, everything is OK. When we use TS under 2008 SP2 (not R2), everything is working correctly, domain user is authenticated. The only combination when it does not work is 2008R2 and 2008R2 and user authenticating into the domain. :-( "Bob Lin (MS-MVP)" wrote: > OK, if the TS is also DC, the regular user can't logon. This page is talking > about windows 2003 DC, it may work on windows 2008. > > You must be granted the allow log on through TS > Resolutions: By default, only Administrators are allowed log on to the DC. > If you want to some other users to access the DC using TS, try one or more > of the ... > www.chicagotech.net/RemoteAccess/ts15.htm > > > -- > Bob Lin, Microsoft-MVP, MCSE & CNE > Networking, Internet, Routing, VPN Troubleshooting on > http://www.ChicagoTech.net > How to Setup Windows, Network, VPN & Remote Access on > http://www.HowToNetworking.com > > > "Evžen" <Even(a)discussions.microsoft.com> wrote in message > news:F7F77DE9-8DAB-4266-865E-00D8AFABBE69(a)microsoft.com... > > No, he cannot, we tried all possible combinations, I hope. In some cases > > (during setting experiments in policy), user could log in once, but more > > times never. We think that is R2 problem, W2008SP2 is OK in the same > > configuration (DC-R2 + TS-SP2), every time. It seems, that domain policy > > information exchange between DC and TS is not correct. > > > > "Bob Lin (MS-MVP)" wrote: > > > >> For a test, if you add a domain user to the remote desktop > >> settings>Remote > >> desktop users, can he login? > >> > >> -- > >> Bob Lin, Microsoft-MVP, MCSE & CNE > >> Networking, Internet, Routing, VPN Troubleshooting on > >> http://www.ChicagoTech.net > >> How to Setup Windows, Network, VPN & Remote Access on > >> http://www.HowToNetworking.com > >> > >> > >> "Evžen" <Even(a)discussions.microsoft.com> wrote in message > >> news:6F8E6225-C2DB-4CDB-B02C-C1CC2427A3F8(a)microsoft.com... > >> > Only domain administrator can log into remote desktop session, other > >> > users, > >> > even remote desktop group members - "access denied" . Terminal Server > >> > local > >> > users can log in without problems. We have not found new policy rule - > >> > all > >> > we > >> > know about W2003 did not help. Any suggestions - hope there is the 0/1 > >> > switch > >> > in the policy...? Domain controller running W2008R2, too. Thanks. > >> >
|
Next
|
Last
Pages: 1 2 Prev: Preparing paste information popup Next: User Account Control on Terminal Server 2008 |