From: Vera Noest [MVP] on
Dave <take(a)friggin.guess> wrote on 01 sep 2005 in
microsoft.public.windows.terminal_services:

> Vera Noest [MVP] wrote:
>> Dave <take(a)friggin.guess> wrote on 31 aug 2005 in
>> microsoft.public.windows.terminal_services:
>>
>>
>>>Vera Noest [MVP] wrote:
>>>
>>>
>>>>You have to explicitly give the users the right to "Log on
>>>>Locally", in your Domain Controller Security Policy.
>>>>
>>>
>>>I have already set this in the domain controllers policy, both
>>>at the OU level (AD Users and Computers, <domain name>, Domain
>>>Controllers properties, Group Policy object) and at the domain
>>>controller machine level (MMC Group Policy snap-in, Local
>>>Computer). Is there somewhere else I need to check for this?
>>
>>
>> No.
>> The user is not trying to connect to the console session, is
>> he? Because that is impossible for non-Administrators on a DC.
>
> Forgive my ignorance, but what do you mean by this? Do you mean
> is he trying to log onto the machine via terminal services as
> the same user that is logged in at the console? Right now, no one
> is logged in at the machine console.

No, I mean is the user trying to connect to the console session,
with the "mstsc /console" command.
On a Windows 2003 server, you can "take over" the console session
just as if you were logged on to the physical console. This is only
possible for Administrators, though.

_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
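
One way to confirm which accounts hold the "Log on Locally" right discussed in this thread is to read it back from the server itself. The script below is an added example, not part of the original posts. It assumes an elevated PowerShell prompt on the domain controller and uses secedit's user rights export. It also lists "Deny log on locally", which the thread does not mention.

```powershell
# Added example: list the holders of "Log on locally" (and its deny counterpart)
# as secedit reports them for this machine. Run from an elevated prompt.
$rights = @{
    'SeInteractiveLogonRight'     = 'Log on locally'
    'SeDenyInteractiveLogonRight' = 'Deny log on locally'   # not mentioned in the thread
}

# Temporary export file; the name is constructed for this example.
$cfg = Join-Path $env:TEMP ("user_rights_{0}.inf" -f [guid]::NewGuid())
try {
    # Export only the user rights assignment area to an INF file.
    secedit /export /areas USER_RIGHTS /cfg $cfg | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "secedit export failed with exit code $LASTEXITCODE" }

    foreach ($line in Get-Content -Path $cfg) {
        # Lines of interest look like: SeInteractiveLogonRight = *S-1-5-32-544,SomeAccount
        if ($line -notmatch '^\s*(\w+)\s*=\s*(.*)$') { continue }
        $name = $Matches[1]
        if (-not $rights.ContainsKey($name)) { continue }

        $holders = foreach ($entry in ($Matches[2] -split ',')) {
            $entry = $entry.Trim()
            if ($entry -eq '') { continue }
            if ($entry.StartsWith('*')) {
                # Entries prefixed with * are SIDs; resolve them to account names when possible.
                $sidText = $entry.Substring(1)
                try {
                    $sid = New-Object System.Security.Principal.SecurityIdentifier ($sidText)
                    $sid.Translate([System.Security.Principal.NTAccount]).Value
                } catch {
                    "$sidText (unresolved SID)"
                }
            } else {
                $entry   # already an account name
            }
        }

        New-Object PSObject -Property @{
            Right    = $rights[$name]
            Constant = $name
            Holders  = ($holders -join '; ')
        }
    }
}
finally {
    Remove-Item -Path $cfg -ErrorAction SilentlyContinue
}
```

If the expected user or group is missing from the "Log on locally" row, or appears in the deny row, the policy setting has not taken effect on that server.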