New remote desktop user

D

DD

May I know for remote desktop user, they should under which member group ?
RAS & IAS group ?

Do I need to allow them local locally under the Domain controller policy ?

What is the actual configuration (under which group & etc )for the new
remote desktop user ?
 
V

Vera Noest [MVP]

Assuming that the server runs Windows 2003, all you have to do is to
make your users members of the local built-in group "Remote Desktop
Users" on the server.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

=?Utf-8?B?REQ=?= <DD@discussions.microsoft.com> wrote on 09 jul
2007 in microsoft.public.windows.terminal_services:

> May I know for remote desktop user, they should under which
> member group ? RAS & IAS group ?
>
> Do I need to allow them local locally under the Domain
> controller policy ?
>
> What is the actual configuration (under which group & etc )for
> the new remote desktop user ?
 
D

DD

using windows 2000, can't find the built-in group "remote desktop user

"Vera Noest [MVP]" wrote:

> Assuming that the server runs Windows 2003, all you have to do is to
> make your users members of the local built-in group "Remote Desktop
> Users" on the server.
> _________________________________________________________
> Vera Noest
> MCSE, CCEA, Microsoft MVP - Terminal Server
> TS troubleshooting: http://ts.veranoest.net
> ___ please respond in newsgroup, NOT by private email ___
>
> =?Utf-8?B?REQ=?= <DD@discussions.microsoft.com> wrote on 09 jul
> 2007 in microsoft.public.windows.terminal_services:
>
> > May I know for remote desktop user, they should under which
> > member group ? RAS & IAS group ?
> >
> > Do I need to allow them local locally under the Domain
> > controller policy ?
> >
> > What is the actual configuration (under which group & etc )for
> > the new remote desktop user ?
>
 
B

Brett I. Holcomb

If I remember Win 2000 doesn't have that group. You have to grant them
some access but I'm not at work with my notes and can't remember. You
might check the MS knowledge base as that's where I found the note. If
If I remember I put in the error message I got back. I looked for it in
the KB but can't find it right now and my notes are at work.

DD wrote:
> using windows 2000, can't find the built-in group "remote desktop user
>
> "Vera Noest [MVP]" wrote:
>
>> Assuming that the server runs Windows 2003, all you have to do is to
>> make your users members of the local built-in group "Remote Desktop
>> Users" on the server.
>> _________________________________________________________
>> Vera Noest
>> MCSE, CCEA, Microsoft MVP - Terminal Server
>> TS troubleshooting: http://ts.veranoest.net
>> ___ please respond in newsgroup, NOT by private email ___
>>
>> =?Utf-8?B?REQ=?= <DD@discussions.microsoft.com> wrote on 09 jul
>> 2007 in microsoft.public.windows.terminal_services:
>>
>>> May I know for remote desktop user, they should under which
>>> member group ? RAS & IAS group ?
>>>
>>> Do I need to allow them local locally under the Domain
>>> controller policy ?
>>>
>>> What is the actual configuration (under which group & etc )for
>>> the new remote desktop user ?
 
V

Vera Noest [MVP]

Windows 2000 doesn't have this group, it was introduced with
Windows 2003.
In W2K, you have to give users the user right to "Log on Locally"
to the Terminal Server.

_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

=?Utf-8?B?REQ=?= <DD@discussions.microsoft.com> wrote on 10 jul
2007 in microsoft.public.windows.terminal_services:

> using windows 2000, can't find the built-in group "remote
> desktop user
>
> "Vera Noest [MVP]" wrote:
>
>> Assuming that the server runs Windows 2003, all you have to do
>> is to make your users members of the local built-in group
>> "Remote Desktop Users" on the server.
>> _________________________________________________________
>> Vera Noest
>> MCSE, CCEA, Microsoft MVP - Terminal Server
>> TS troubleshooting: http://ts.veranoest.net
>> ___ please respond in newsgroup, NOT by private email ___
>>
>> =?Utf-8?B?REQ=?= <DD@discussions.microsoft.com> wrote on 09 jul
>> 2007 in microsoft.public.windows.terminal_services:
>>
>> > May I know for remote desktop user, they should under which
>> > member group ? RAS & IAS group ?
>> >
>> > Do I need to allow them local locally under the Domain
>> > controller policy ?
>> >
>> > What is the actual configuration (under which group & etc
>> > )for the new remote desktop user ?
 
D

DD

I have lllowed the user local on locally from the Domain controlled
policy.yes, but users sometime can login sometime can not login" message" you
are not authorise to logon locally.


"Vera Noest [MVP]" wrote:

> Windows 2000 doesn't have this group, it was introduced with
> Windows 2003.
> In W2K, you have to give users the user right to "Log on Locally"
> to the Terminal Server.
>
> _________________________________________________________
> Vera Noest
> MCSE, CCEA, Microsoft MVP - Terminal Server
> TS troubleshooting: http://ts.veranoest.net
> ___ please respond in newsgroup, NOT by private email ___
>
> =?Utf-8?B?REQ=?= <DD@discussions.microsoft.com> wrote on 10 jul
> 2007 in microsoft.public.windows.terminal_services:
>
> > using windows 2000, can't find the built-in group "remote
> > desktop user
> >
> > "Vera Noest [MVP]" wrote:
> >
> >> Assuming that the server runs Windows 2003, all you have to do
> >> is to make your users members of the local built-in group
> >> "Remote Desktop Users" on the server.
> >> _________________________________________________________
> >> Vera Noest
> >> MCSE, CCEA, Microsoft MVP - Terminal Server
> >> TS troubleshooting: http://ts.veranoest.net
> >> ___ please respond in newsgroup, NOT by private email ___
> >>
> >> =?Utf-8?B?REQ=?= <DD@discussions.microsoft.com> wrote on 09 jul
> >> 2007 in microsoft.public.windows.terminal_services:
> >>
> >> > May I know for remote desktop user, they should under which
> >> > member group ? RAS & IAS group ?
> >> >
> >> > Do I need to allow them local locally under the Domain
> >> > controller policy ?
> >> >
> >> > What is the actual configuration (under which group & etc
> >> > )for the new remote desktop user ?
>
 
V

Vera Noest [MVP]

Can you give the *exact* error message?

If it works sometimes, and sometimes not, I would guess that
there's a problem with the GPO which contains the "Log On Locally"
user right, and the GPO is not always applied.
Check the EventLog on the Terminal Server for any warnings or
errors.

What is the role of the Terminal Server in the domain? It is not
your DC, I hope?
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

=?Utf-8?B?REQ=?= <DD@discussions.microsoft.com> wrote on 13 jul
2007 in microsoft.public.windows.terminal_services:

> I have lllowed the user local on locally from the Domain
> controlled policy.yes, but users sometime can login sometime can
> not login" message" you are not authorise to logon locally.
>
>
> "Vera Noest [MVP]" wrote:
>
>> Windows 2000 doesn't have this group, it was introduced with
>> Windows 2003.
>> In W2K, you have to give users the user right to "Log on
>> Locally" to the Terminal Server.
>>
>> _________________________________________________________
>> Vera Noest
>> MCSE, CCEA, Microsoft MVP - Terminal Server
>> TS troubleshooting: http://ts.veranoest.net
>> ___ please respond in newsgroup, NOT by private email ___
>>
>> =?Utf-8?B?REQ=?= <DD@discussions.microsoft.com> wrote on 10 jul
>> 2007 in microsoft.public.windows.terminal_services:
>>
>> > using windows 2000, can't find the built-in group "remote
>> > desktop user
>> >
>> > "Vera Noest [MVP]" wrote:
>> >
>> >> Assuming that the server runs Windows 2003, all you have to
>> >> do is to make your users members of the local built-in group
>> >> "Remote Desktop Users" on the server.
>> >> _________________________________________________________
>> >> Vera Noest
>> >> MCSE, CCEA, Microsoft MVP - Terminal Server
>> >> TS troubleshooting: http://ts.veranoest.net
>> >> ___ please respond in newsgroup, NOT by private email ___
>> >>
>> >> =?Utf-8?B?REQ=?= <DD@discussions.microsoft.com> wrote on 09
>> >> jul 2007 in microsoft.public.windows.terminal_services:
>> >>
>> >> > May I know for remote desktop user, they should under
>> >> > which member group ? RAS & IAS group ?
>> >> >
>> >> > Do I need to allow them local locally under the Domain
>> >> > controller policy ?
>> >> >
>> >> > What is the actual configuration (under which group & etc
>> >> > )for the new remote desktop user ?
 
D

DD

The error ""The local policy of this system does not permit you to logon
interactively"

Already granted this user can logon locally in Domain policy.
It is my DC, I know is not recommended , but we only have two DC , so no
choice.


"Vera Noest [MVP]" wrote:

> Can you give the *exact* error message?
>
> If it works sometimes, and sometimes not, I would guess that
> there's a problem with the GPO which contains the "Log On Locally"
> user right, and the GPO is not always applied.
> Check the EventLog on the Terminal Server for any warnings or
> errors.
>
> What is the role of the Terminal Server in the domain? It is not
> your DC, I hope?
> _________________________________________________________
> Vera Noest
> MCSE, CCEA, Microsoft MVP - Terminal Server
> TS troubleshooting: http://ts.veranoest.net
> ___ please respond in newsgroup, NOT by private email ___
>
> =?Utf-8?B?REQ=?= <DD@discussions.microsoft.com> wrote on 13 jul
> 2007 in microsoft.public.windows.terminal_services:
>
> > I have lllowed the user local on locally from the Domain
> > controlled policy.yes, but users sometime can login sometime can
> > not login" message" you are not authorise to logon locally.
> >
> >
> > "Vera Noest [MVP]" wrote:
> >
> >> Windows 2000 doesn't have this group, it was introduced with
> >> Windows 2003.
> >> In W2K, you have to give users the user right to "Log on
> >> Locally" to the Terminal Server.
> >>
> >> _________________________________________________________
> >> Vera Noest
> >> MCSE, CCEA, Microsoft MVP - Terminal Server
> >> TS troubleshooting: http://ts.veranoest.net
> >> ___ please respond in newsgroup, NOT by private email ___
> >>
> >> =?Utf-8?B?REQ=?= <DD@discussions.microsoft.com> wrote on 10 jul
> >> 2007 in microsoft.public.windows.terminal_services:
> >>
> >> > using windows 2000, can't find the built-in group "remote
> >> > desktop user
> >> >
> >> > "Vera Noest [MVP]" wrote:
> >> >
> >> >> Assuming that the server runs Windows 2003, all you have to
> >> >> do is to make your users members of the local built-in group
> >> >> "Remote Desktop Users" on the server.
> >> >> _________________________________________________________
> >> >> Vera Noest
> >> >> MCSE, CCEA, Microsoft MVP - Terminal Server
> >> >> TS troubleshooting: http://ts.veranoest.net
> >> >> ___ please respond in newsgroup, NOT by private email ___
> >> >>
> >> >> =?Utf-8?B?REQ=?= <DD@discussions.microsoft.com> wrote on 09
> >> >> jul 2007 in microsoft.public.windows.terminal_services:
> >> >>
> >> >> > May I know for remote desktop user, they should under
> >> >> > which member group ? RAS & IAS group ?
> >> >> >
> >> >> > Do I need to allow them local locally under the Domain
> >> >> > controller policy ?
> >> >> >
> >> >> > What is the actual configuration (under which group & etc
> >> >> > )for the new remote desktop user ?
>
 
V

Vera Noest [MVP]

Since the TS is running on your DC, you have to grant this right in
the Default Domain Controller Policy, not the Default Domain
Policy.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

=?Utf-8?B?REQ=?= <DD@discussions.microsoft.com> wrote on 17 jul
2007 in microsoft.public.windows.terminal_services:

> The error ""The local policy of this system does not permit you
> to logon interactively"
>
> Already granted this user can logon locally in Domain policy.
> It is my DC, I know is not recommended , but we only have two DC
> , so no choice.
>
>
> "Vera Noest [MVP]" wrote:
>
>> Can you give the *exact* error message?
>>
>> If it works sometimes, and sometimes not, I would guess that
>> there's a problem with the GPO which contains the "Log On
>> Locally" user right, and the GPO is not always applied.
>> Check the EventLog on the Terminal Server for any warnings or
>> errors.
>>
>> What is the role of the Terminal Server in the domain? It is
>> not your DC, I hope?
>> _________________________________________________________
>> Vera Noest
>> MCSE, CCEA, Microsoft MVP - Terminal Server
>> TS troubleshooting: http://ts.veranoest.net
>> ___ please respond in newsgroup, NOT by private email ___
>>
>> =?Utf-8?B?REQ=?= <DD@discussions.microsoft.com> wrote on 13 jul
>> 2007 in microsoft.public.windows.terminal_services:
>>
>> > I have lllowed the user local on locally from the Domain
>> > controlled policy.yes, but users sometime can login sometime
>> > can not login" message" you are not authorise to logon
>> > locally.
>> >
>> >
>> > "Vera Noest [MVP]" wrote:
>> >
>> >> Windows 2000 doesn't have this group, it was introduced with
>> >> Windows 2003.
>> >> In W2K, you have to give users the user right to "Log on
>> >> Locally" to the Terminal Server.
>> >>
>> >> _________________________________________________________
>> >> Vera Noest
>> >> MCSE, CCEA, Microsoft MVP - Terminal Server
>> >> TS troubleshooting: http://ts.veranoest.net
>> >> ___ please respond in newsgroup, NOT by private email ___
>> >>
>> >> =?Utf-8?B?REQ=?= <DD@discussions.microsoft.com> wrote on 10
>> >> jul 2007 in microsoft.public.windows.terminal_services:
>> >>
>> >> > using windows 2000, can't find the built-in group "remote
>> >> > desktop user
>> >> >
>> >> > "Vera Noest [MVP]" wrote:
>> >> >
>> >> >> Assuming that the server runs Windows 2003, all you have
>> >> >> to do is to make your users members of the local built-in
>> >> >> group "Remote Desktop Users" on the server.
>> >> >> _________________________________________________________
>> >> >> Vera Noest
>> >> >> MCSE, CCEA, Microsoft MVP - Terminal Server
>> >> >> TS troubleshooting: http://ts.veranoest.net
>> >> >> ___ please respond in newsgroup, NOT by private email ___
>> >> >>
>> >> >> =?Utf-8?B?REQ=?= <DD@discussions.microsoft.com> wrote on
>> >> >> 09 jul 2007 in
>> >> >> microsoft.public.windows.terminal_services:
>> >> >>
>> >> >> > May I know for remote desktop user, they should under
>> >> >> > which member group ? RAS & IAS group ?
>> >> >> >
>> >> >> > Do I need to allow them local locally under the Domain
>> >> >> > controller policy ?
>> >> >> >
>> >> >> > What is the actual configuration (under which group &
>> >> >> > etc )for the new remote desktop user ?
 
D

DD

Granted default Domain Controller policy.Encountered same problem.



"Vera Noest [MVP]" wrote:

> Since the TS is running on your DC, you have to grant this right in
> the Default Domain Controller Policy, not the Default Domain
> Policy.
> _________________________________________________________
> Vera Noest
> MCSE, CCEA, Microsoft MVP - Terminal Server
> TS troubleshooting: http://ts.veranoest.net
> ___ please respond in newsgroup, NOT by private email ___
>
> =?Utf-8?B?REQ=?= <DD@discussions.microsoft.com> wrote on 17 jul
> 2007 in microsoft.public.windows.terminal_services:
>
> > The error ""The local policy of this system does not permit you
> > to logon interactively"
> >
> > Already granted this user can logon locally in Domain policy.
> > It is my DC, I know is not recommended , but we only have two DC
> > , so no choice.
> >
> >
> > "Vera Noest [MVP]" wrote:
> >
> >> Can you give the *exact* error message?
> >>
> >> If it works sometimes, and sometimes not, I would guess that
> >> there's a problem with the GPO which contains the "Log On
> >> Locally" user right, and the GPO is not always applied.
> >> Check the EventLog on the Terminal Server for any warnings or
> >> errors.
> >>
> >> What is the role of the Terminal Server in the domain? It is
> >> not your DC, I hope?
> >> _________________________________________________________
> >> Vera Noest
> >> MCSE, CCEA, Microsoft MVP - Terminal Server
> >> TS troubleshooting: http://ts.veranoest.net
> >> ___ please respond in newsgroup, NOT by private email ___
> >>
> >> =?Utf-8?B?REQ=?= <DD@discussions.microsoft.com> wrote on 13 jul
> >> 2007 in microsoft.public.windows.terminal_services:
> >>
> >> > I have lllowed the user local on locally from the Domain
> >> > controlled policy.yes, but users sometime can login sometime
> >> > can not login" message" you are not authorise to logon
> >> > locally.
> >> >
> >> >
> >> > "Vera Noest [MVP]" wrote:
> >> >
> >> >> Windows 2000 doesn't have this group, it was introduced with
> >> >> Windows 2003.
> >> >> In W2K, you have to give users the user right to "Log on
> >> >> Locally" to the Terminal Server.
> >> >>
> >> >> _________________________________________________________
> >> >> Vera Noest
> >> >> MCSE, CCEA, Microsoft MVP - Terminal Server
> >> >> TS troubleshooting: http://ts.veranoest.net
> >> >> ___ please respond in newsgroup, NOT by private email ___
> >> >>
> >> >> =?Utf-8?B?REQ=?= <DD@discussions.microsoft.com> wrote on 10
> >> >> jul 2007 in microsoft.public.windows.terminal_services:
> >> >>
> >> >> > using windows 2000, can't find the built-in group "remote
> >> >> > desktop user
> >> >> >
> >> >> > "Vera Noest [MVP]" wrote:
> >> >> >
> >> >> >> Assuming that the server runs Windows 2003, all you have
> >> >> >> to do is to make your users members of the local built-in
> >> >> >> group "Remote Desktop Users" on the server.
> >> >> >> _________________________________________________________
> >> >> >> Vera Noest
> >> >> >> MCSE, CCEA, Microsoft MVP - Terminal Server
> >> >> >> TS troubleshooting: http://ts.veranoest.net
> >> >> >> ___ please respond in newsgroup, NOT by private email ___
> >> >> >>
> >> >> >> =?Utf-8?B?REQ=?= <DD@discussions.microsoft.com> wrote on
> >> >> >> 09 jul 2007 in
> >> >> >> microsoft.public.windows.terminal_services:
> >> >> >>
> >> >> >> > May I know for remote desktop user, they should under
> >> >> >> > which member group ? RAS & IAS group ?
> >> >> >> >
> >> >> >> > Do I need to allow them local locally under the Domain
> >> >> >> > controller policy ?
> >> >> >> >
> >> >> >> > What is the actual configuration (under which group &
> >> >> >> > etc )for the new remote desktop user ?
>
 
V

Vera Noest [MVP]

I'm sorry, but then I don't know where the problem lies. I've never
run TS on a DC, and I don't have a W2K server either to test this
scenario.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

=?Utf-8?B?REQ=?= <DD@discussions.microsoft.com> wrote on 18 jul
2007 in microsoft.public.windows.terminal_services:

> Granted default Domain Controller policy.Encountered same
> problem.
>
>
>
> "Vera Noest [MVP]" wrote:
>
>> Since the TS is running on your DC, you have to grant this
>> right in the Default Domain Controller Policy, not the Default
>> Domain Policy.
>> _________________________________________________________
>> Vera Noest
>> MCSE, CCEA, Microsoft MVP - Terminal Server
>> TS troubleshooting: http://ts.veranoest.net
>> ___ please respond in newsgroup, NOT by private email ___
>>
>> =?Utf-8?B?REQ=?= <DD@discussions.microsoft.com> wrote on 17 jul
>> 2007 in microsoft.public.windows.terminal_services:
>>
>> > The error ""The local policy of this system does not permit
>> > you to logon interactively"
>> >
>> > Already granted this user can logon locally in Domain policy.
>> > It is my DC, I know is not recommended , but we only have two
>> > DC , so no choice.
>> >
>> >
>> > "Vera Noest [MVP]" wrote:
>> >
>> >> Can you give the *exact* error message?
>> >>
>> >> If it works sometimes, and sometimes not, I would guess that
>> >> there's a problem with the GPO which contains the "Log On
>> >> Locally" user right, and the GPO is not always applied.
>> >> Check the EventLog on the Terminal Server for any warnings
>> >> or errors.
>> >>
>> >> What is the role of the Terminal Server in the domain? It is
>> >> not your DC, I hope?
>> >> _________________________________________________________
>> >> Vera Noest
>> >> MCSE, CCEA, Microsoft MVP - Terminal Server
>> >> TS troubleshooting: http://ts.veranoest.net
>> >> ___ please respond in newsgroup, NOT by private email ___
>> >>
>> >> =?Utf-8?B?REQ=?= <DD@discussions.microsoft.com> wrote on 13
>> >> jul 2007 in microsoft.public.windows.terminal_services:
>> >>
>> >> > I have lllowed the user local on locally from the Domain
>> >> > controlled policy.yes, but users sometime can login
>> >> > sometime can not login" message" you are not authorise to
>> >> > logon locally.
>> >> >
>> >> >
>> >> > "Vera Noest [MVP]" wrote:
>> >> >
>> >> >> Windows 2000 doesn't have this group, it was introduced
>> >> >> with Windows 2003.
>> >> >> In W2K, you have to give users the user right to "Log on
>> >> >> Locally" to the Terminal Server.
>> >> >>
>> >> >> _________________________________________________________
>> >> >> Vera Noest
>> >> >> MCSE, CCEA, Microsoft MVP - Terminal Server
>> >> >> TS troubleshooting: http://ts.veranoest.net
>> >> >> ___ please respond in newsgroup, NOT by private email ___
>> >> >>
>> >> >> =?Utf-8?B?REQ=?= <DD@discussions.microsoft.com> wrote on
>> >> >> 10 jul 2007 in
>> >> >> microsoft.public.windows.terminal_services:
>> >> >>
>> >> >> > using windows 2000, can't find the built-in group
>> >> >> > "remote desktop user
>> >> >> >
>> >> >> > "Vera Noest [MVP]" wrote:
>> >> >> >
>> >> >> >> Assuming that the server runs Windows 2003, all you
>> >> >> >> have to do is to make your users members of the local
>> >> >> >> built-in group "Remote Desktop Users" on the server.
>> >> >> >> _______________________________________________________
>> >> >> >> __ Vera Noest
>> >> >> >> MCSE, CCEA, Microsoft MVP - Terminal Server
>> >> >> >> TS troubleshooting: http://ts.veranoest.net
>> >> >> >> ___ please respond in newsgroup, NOT by private email
>> >> >> >> ___
>> >> >> >>
>> >> >> >> =?Utf-8?B?REQ=?= <DD@discussions.microsoft.com> wrote
>> >> >> >> on 09 jul 2007 in
>> >> >> >> microsoft.public.windows.terminal_services:
>> >> >> >>
>> >> >> >> > May I know for remote desktop user, they should
>> >> >> >> > under which member group ? RAS & IAS group ?
>> >> >> >> >
>> >> >> >> > Do I need to allow them local locally under the
>> >> >> >> > Domain controller policy ?
>> >> >> >> >
>> >> >> >> > What is the actual configuration (under which group
>> >> >> >> > & etc )for the new remote desktop user ?
 
You must log in or register to reply here.

Similar threads

A
Windows Server 2012 R2 Remote Desktop Unaccessible to Users
Replies
0
Views
38
Ahmad Dhamiri Muhammad Farhan
A
I
Network Configuration Operators group doesnt work with new Win 11 GUI Settings.
Replies
0
Views
15
Ivan Rusev1
I
H
Grace period after removing Per User Remote Desktop CALs
Replies
0
Views
12
Heonsang
H
J
Remote Desktop Windows 11 not working on LAN network, no internet
Replies
0
Views
14
Jeff Brink1
J
O
How to refresh AD Group policy to users and devices that are permanently remote with VPN?
Replies
0
Views
71
Oneil Matlock
O
Back
Top Bottom