Vera please explain this if you can

H

halfluke

Hi,
I'm studying TS for the exam 70-290.
I'm practicing on a 2 pcs network, one is a DC, the other one a win xp
workstation.
I COULDN'T USE REMOTE DESKTOP TO CONNECT FROM XP TO 2003 DC

Yes, remote desktop users group ok etc...
Yes, Allow logon through terminal services ok etc...

I looked for 2 days... reading the newsgroup... realizing that Vera is the
guru :)

OH, The error when I tried to connect was: you need to enable Allow logon
through TS for Remote desktop users and bla bla bla...

NOW TELL ME, VERA OR ANYONE...
Opening Domain COntroller Security Policy in Administration tools,
everything seemed fine... the right users are allowed, nobody is denied...
When I opened secpol.msc from Run.... I FOUND THE TWO ACCOUNTS I WAS TRYING
TO CONNECT IN THE "DENY LOGON THROUGH TS" SETTING!!!
WHAT THE HELL? WHY?? AREN'T THEY EXACTLY THE SAME CONSOLE (I mean the GUI
and secpol.msc)??? HOW DID THEY GO THERE IN THE "DENY" SETTING?
Removed them from there, Remote desktop works...

Vera, if you know why just please dont keep the secret...

Luca
 
V

Vera Noest [MVP]

There's no need to SHOUT, Luca :)

You have been looking at 2, possibly 3 different policies:
Under Administrative Tools, there are links to both the Default
Domain Security Policy and the Default Domain Controller Security
Policy.
When you run secpol.msc, you open the Local Security Policy.

I recommend installing the Group Policy Management Console, from
http://www.microsoft.com/windowsserver2003/gpmc/default.mspx

Then use it to run a Resultant Set of Policies, for one of your
user accounts and the DC. You will see exactly which policies are
applied and in which order.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

=?Utf-8?B?aGFsZmx1a2U=?= <halfluke@discussions.microsoft.com>
wrote on 04 aug 2007 in
microsoft.public.windows.terminal_services:

> Hi,
> I'm studying TS for the exam 70-290.
> I'm practicing on a 2 pcs network, one is a DC, the other one a
> win xp workstation.
> I COULDN'T USE REMOTE DESKTOP TO CONNECT FROM XP TO 2003 DC
>
> Yes, remote desktop users group ok etc...
> Yes, Allow logon through terminal services ok etc...
>
> I looked for 2 days... reading the newsgroup... realizing that
> Vera is the guru :)
>
> OH, The error when I tried to connect was: you need to enable
> Allow logon through TS for Remote desktop users and bla bla
> bla...
>
> NOW TELL ME, VERA OR ANYONE...
> Opening Domain COntroller Security Policy in Administration
> tools, everything seemed fine... the right users are allowed,
> nobody is denied... When I opened secpol.msc from Run.... I
> FOUND THE TWO ACCOUNTS I WAS TRYING TO CONNECT IN THE "DENY
> LOGON THROUGH TS" SETTING!!! WHAT THE HELL? WHY?? AREN'T THEY
> EXACTLY THE SAME CONSOLE (I mean the GUI and secpol.msc)??? HOW
> DID THEY GO THERE IN THE "DENY" SETTING? Removed them from
> there, Remote desktop works...
>
> Vera, if you know why just please dont keep the secret...
>
> Luca
 
H

halfluke

thanks Vera for ur reply...

so you are saying that the Domain Controller Security Policy in Admin tools
and secpol.msc are NOT the same thing....

I was sure they were... same settings at a first look...

could u explain better the difference between the two?

Regards,
Luca

"Vera Noest [MVP]" wrote:

> There's no need to SHOUT, Luca :)
>
> You have been looking at 2, possibly 3 different policies:
> Under Administrative Tools, there are links to both the Default
> Domain Security Policy and the Default Domain Controller Security
> Policy.
> When you run secpol.msc, you open the Local Security Policy.
>
> I recommend installing the Group Policy Management Console, from
> http://www.microsoft.com/windowsserver2003/gpmc/default.mspx
>
> Then use it to run a Resultant Set of Policies, for one of your
> user accounts and the DC. You will see exactly which policies are
> applied and in which order.
> _________________________________________________________
> Vera Noest
> MCSE, CCEA, Microsoft MVP - Terminal Server
> TS troubleshooting: http://ts.veranoest.net
> ___ please respond in newsgroup, NOT by private email ___
>
> =?Utf-8?B?aGFsZmx1a2U=?= <halfluke@discussions.microsoft.com>
> wrote on 04 aug 2007 in
> microsoft.public.windows.terminal_services:
>
> > Hi,
> > I'm studying TS for the exam 70-290.
> > I'm practicing on a 2 pcs network, one is a DC, the other one a
> > win xp workstation.
> > I COULDN'T USE REMOTE DESKTOP TO CONNECT FROM XP TO 2003 DC
> >
> > Yes, remote desktop users group ok etc...
> > Yes, Allow logon through terminal services ok etc...
> >
> > I looked for 2 days... reading the newsgroup... realizing that
> > Vera is the guru :)
> >
> > OH, The error when I tried to connect was: you need to enable
> > Allow logon through TS for Remote desktop users and bla bla
> > bla...
> >
> > NOW TELL ME, VERA OR ANYONE...
> > Opening Domain COntroller Security Policy in Administration
> > tools, everything seemed fine... the right users are allowed,
> > nobody is denied... When I opened secpol.msc from Run.... I
> > FOUND THE TWO ACCOUNTS I WAS TRYING TO CONNECT IN THE "DENY
> > LOGON THROUGH TS" SETTING!!! WHAT THE HELL? WHY?? AREN'T THEY
> > EXACTLY THE SAME CONSOLE (I mean the GUI and secpol.msc)??? HOW
> > DID THEY GO THERE IN THE "DENY" SETTING? Removed them from
> > there, Remote desktop works...
> >
> > Vera, if you know why just please dont keep the secret...
> >
> > Luca
>
 
V

Vera Noest [MVP]

This is more a question for a Group Policy newsgroup, Luca.
Try microsoft.public.windows.group_policy
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

=?Utf-8?B?aGFsZmx1a2U=?= <halfluke@discussions.microsoft.com>
wrote on 05 aug 2007 in
microsoft.public.windows.terminal_services:

> thanks Vera for ur reply...
>
> so you are saying that the Domain Controller Security Policy in
> Admin tools and secpol.msc are NOT the same thing....
>
> I was sure they were... same settings at a first look...
>
> could u explain better the difference between the two?
>
> Regards,
> Luca
>
> "Vera Noest [MVP]" wrote:
>
>> There's no need to SHOUT, Luca :)
>>
>> You have been looking at 2, possibly 3 different policies:
>> Under Administrative Tools, there are links to both the Default
>> Domain Security Policy and the Default Domain Controller
>> Security Policy.
>> When you run secpol.msc, you open the Local Security Policy.
>>
>> I recommend installing the Group Policy Management Console,
>> from
>> http://www.microsoft.com/windowsserver2003/gpmc/default.mspx
>>
>> Then use it to run a Resultant Set of Policies, for one of your
>> user accounts and the DC. You will see exactly which policies
>> are applied and in which order.
>> _________________________________________________________
>> Vera Noest
>> MCSE, CCEA, Microsoft MVP - Terminal Server
>> TS troubleshooting: http://ts.veranoest.net
>> ___ please respond in newsgroup, NOT by private email ___
>>
>> =?Utf-8?B?aGFsZmx1a2U=?= <halfluke@discussions.microsoft.com>
>> wrote on 04 aug 2007 in
>> microsoft.public.windows.terminal_services:
>>
>> > Hi,
>> > I'm studying TS for the exam 70-290.
>> > I'm practicing on a 2 pcs network, one is a DC, the other one
>> > a win xp workstation.
>> > I COULDN'T USE REMOTE DESKTOP TO CONNECT FROM XP TO 2003 DC
>> >
>> > Yes, remote desktop users group ok etc...
>> > Yes, Allow logon through terminal services ok etc...
>> >
>> > I looked for 2 days... reading the newsgroup... realizing
>> > that Vera is the guru :)
>> >
>> > OH, The error when I tried to connect was: you need to enable
>> > Allow logon through TS for Remote desktop users and bla bla
>> > bla...
>> >
>> > NOW TELL ME, VERA OR ANYONE...
>> > Opening Domain COntroller Security Policy in Administration
>> > tools, everything seemed fine... the right users are allowed,
>> > nobody is denied... When I opened secpol.msc from Run.... I
>> > FOUND THE TWO ACCOUNTS I WAS TRYING TO CONNECT IN THE "DENY
>> > LOGON THROUGH TS" SETTING!!! WHAT THE HELL? WHY?? AREN'T THEY
>> > EXACTLY THE SAME CONSOLE (I mean the GUI and secpol.msc)???
>> > HOW DID THEY GO THERE IN THE "DENY" SETTING? Removed them
>> > from there, Remote desktop works...
>> >
>> > Vera, if you know why just please dont keep the secret...
>> >
>> > Luca
 
H

halfluke

I'm starting to understand the whole matter...
I wonder why the book I'm studying doesn't cover it at all.

thanks and sorry for shouting :)

"halfluke" wrote:

> Hi,
> I'm studying TS for the exam 70-290.
> I'm practicing on a 2 pcs network, one is a DC, the other one a win xp
> workstation.
> I COULDN'T USE REMOTE DESKTOP TO CONNECT FROM XP TO 2003 DC
>
> Yes, remote desktop users group ok etc...
> Yes, Allow logon through terminal services ok etc...
>
> I looked for 2 days... reading the newsgroup... realizing that Vera is the
> guru :)
>
> OH, The error when I tried to connect was: you need to enable Allow logon
> through TS for Remote desktop users and bla bla bla...
>
> NOW TELL ME, VERA OR ANYONE...
> Opening Domain COntroller Security Policy in Administration tools,
> everything seemed fine... the right users are allowed, nobody is denied...
> When I opened secpol.msc from Run.... I FOUND THE TWO ACCOUNTS I WAS TRYING
> TO CONNECT IN THE "DENY LOGON THROUGH TS" SETTING!!!
> WHAT THE HELL? WHY?? AREN'T THEY EXACTLY THE SAME CONSOLE (I mean the GUI
> and secpol.msc)??? HOW DID THEY GO THERE IN THE "DENY" SETTING?
> Removed them from there, Remote desktop works...
>
> Vera, if you know why just please dont keep the secret...
>
> Luca
 
H

halfluke

GPOs... now I'm starting to figure out the whole matter...

I wonder why the subject is not covered in my book to prepare the 70-290
exam...

Group Policy Management Console is quite an useful tool -)

Thanks and sorry for shouting: I get crazy when I can't understand
something, I'm a natural born stubborn troubleshooter :)

Regards,
Luca


"Vera Noest [MVP]" wrote:

> This is more a question for a Group Policy newsgroup, Luca.
> Try microsoft.public.windows.group_policy
> _________________________________________________________
> Vera Noest
> MCSE, CCEA, Microsoft MVP - Terminal Server
> TS troubleshooting: http://ts.veranoest.net
> ___ please respond in newsgroup, NOT by private email ___
>
> =?Utf-8?B?aGFsZmx1a2U=?= <halfluke@discussions.microsoft.com>
> wrote on 05 aug 2007 in
> microsoft.public.windows.terminal_services:
>
> > thanks Vera for ur reply...
> >
> > so you are saying that the Domain Controller Security Policy in
> > Admin tools and secpol.msc are NOT the same thing....
> >
> > I was sure they were... same settings at a first look...
> >
> > could u explain better the difference between the two?
> >
> > Regards,
> > Luca
> >
> > "Vera Noest [MVP]" wrote:
> >
> >> There's no need to SHOUT, Luca :)
> >>
> >> You have been looking at 2, possibly 3 different policies:
> >> Under Administrative Tools, there are links to both the Default
> >> Domain Security Policy and the Default Domain Controller
> >> Security Policy.
> >> When you run secpol.msc, you open the Local Security Policy.
> >>
> >> I recommend installing the Group Policy Management Console,
> >> from
> >> http://www.microsoft.com/windowsserver2003/gpmc/default.mspx
> >>
> >> Then use it to run a Resultant Set of Policies, for one of your
> >> user accounts and the DC. You will see exactly which policies
> >> are applied and in which order.
> >> _________________________________________________________
> >> Vera Noest
> >> MCSE, CCEA, Microsoft MVP - Terminal Server
> >> TS troubleshooting: http://ts.veranoest.net
> >> ___ please respond in newsgroup, NOT by private email ___
> >>
> >> =?Utf-8?B?aGFsZmx1a2U=?= <halfluke@discussions.microsoft.com>
> >> wrote on 04 aug 2007 in
> >> microsoft.public.windows.terminal_services:
> >>
> >> > Hi,
> >> > I'm studying TS for the exam 70-290.
> >> > I'm practicing on a 2 pcs network, one is a DC, the other one
> >> > a win xp workstation.
> >> > I COULDN'T USE REMOTE DESKTOP TO CONNECT FROM XP TO 2003 DC
> >> >
> >> > Yes, remote desktop users group ok etc...
> >> > Yes, Allow logon through terminal services ok etc...
> >> >
> >> > I looked for 2 days... reading the newsgroup... realizing
> >> > that Vera is the guru :)
> >> >
> >> > OH, The error when I tried to connect was: you need to enable
> >> > Allow logon through TS for Remote desktop users and bla bla
> >> > bla...
> >> >
> >> > NOW TELL ME, VERA OR ANYONE...
> >> > Opening Domain COntroller Security Policy in Administration
> >> > tools, everything seemed fine... the right users are allowed,
> >> > nobody is denied... When I opened secpol.msc from Run.... I
> >> > FOUND THE TWO ACCOUNTS I WAS TRYING TO CONNECT IN THE "DENY
> >> > LOGON THROUGH TS" SETTING!!! WHAT THE HELL? WHY?? AREN'T THEY
> >> > EXACTLY THE SAME CONSOLE (I mean the GUI and secpol.msc)???
> >> > HOW DID THEY GO THERE IN THE "DENY" SETTING? Removed them
> >> > from there, Remote desktop works...
> >> >
> >> > Vera, if you know why just please dont keep the secret...
> >> >
> >> > Luca
>
 
V

Vera Noest [MVP]

OK, Luca, no problem.
Group Policies is not part of 70-290, it's part of 70-294.

_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
*----------- Please reply in newsgroup -------------*

=?Utf-8?B?aGFsZmx1a2U=?= <halfluke@discussions.microsoft.com>
wrote on 06 aug 2007:

> GPOs... now I'm starting to figure out the whole matter...
>
> I wonder why the subject is not covered in my book to prepare
> the 70-290 exam...
>
> Group Policy Management Console is quite an useful tool -)
>
> Thanks and sorry for shouting: I get crazy when I can't
> understand something, I'm a natural born stubborn troubleshooter
> :)
>
> Regards,
> Luca
>
>
> "Vera Noest [MVP]" wrote:
>
>> This is more a question for a Group Policy newsgroup, Luca.
>> Try microsoft.public.windows.group_policy
>> _________________________________________________________
>> Vera Noest
>> MCSE, CCEA, Microsoft MVP - Terminal Server
>> TS troubleshooting: http://ts.veranoest.net
>> ___ please respond in newsgroup, NOT by private email ___
>>
>> =?Utf-8?B?aGFsZmx1a2U=?= <halfluke@discussions.microsoft.com>
>> wrote on 05 aug 2007 in
>> microsoft.public.windows.terminal_services:
>>
>> > thanks Vera for ur reply...
>> >
>> > so you are saying that the Domain Controller Security Policy
>> > in Admin tools and secpol.msc are NOT the same thing....
>> >
>> > I was sure they were... same settings at a first look...
>> >
>> > could u explain better the difference between the two?
>> >
>> > Regards,
>> > Luca
>> >
>> > "Vera Noest [MVP]" wrote:
>> >
>> >> There's no need to SHOUT, Luca :)
>> >>
>> >> You have been looking at 2, possibly 3 different policies:
>> >> Under Administrative Tools, there are links to both the
>> >> Default Domain Security Policy and the Default Domain
>> >> Controller Security Policy.
>> >> When you run secpol.msc, you open the Local Security Policy.
>> >>
>> >> I recommend installing the Group Policy Management Console,
>> >> from
>> >> http://www.microsoft.com/windowsserver2003/gpmc/default.mspx
>> >>
>> >> Then use it to run a Resultant Set of Policies, for one of
>> >> your user accounts and the DC. You will see exactly which
>> >> policies are applied and in which order.
>> >> _________________________________________________________
>> >> Vera Noest
>> >> MCSE, CCEA, Microsoft MVP - Terminal Server
>> >> TS troubleshooting: http://ts.veranoest.net
>> >> ___ please respond in newsgroup, NOT by private email ___
>> >>
>> >> =?Utf-8?B?aGFsZmx1a2U=?=
>> >> <halfluke@discussions.microsoft.com> wrote on 04 aug 2007 in
>> >> microsoft.public.windows.terminal_services:
>> >>
>> >> > Hi,
>> >> > I'm studying TS for the exam 70-290.
>> >> > I'm practicing on a 2 pcs network, one is a DC, the other
>> >> > one a win xp workstation.
>> >> > I COULDN'T USE REMOTE DESKTOP TO CONNECT FROM XP TO 2003
>> >> > DC
>> >> >
>> >> > Yes, remote desktop users group ok etc...
>> >> > Yes, Allow logon through terminal services ok etc...
>> >> >
>> >> > I looked for 2 days... reading the newsgroup... realizing
>> >> > that Vera is the guru :)
>> >> >
>> >> > OH, The error when I tried to connect was: you need to
>> >> > enable Allow logon through TS for Remote desktop users and
>> >> > bla bla bla...
>> >> >
>> >> > NOW TELL ME, VERA OR ANYONE...
>> >> > Opening Domain COntroller Security Policy in
>> >> > Administration tools, everything seemed fine... the right
>> >> > users are allowed, nobody is denied... When I opened
>> >> > secpol.msc from Run.... I FOUND THE TWO ACCOUNTS I WAS
>> >> > TRYING TO CONNECT IN THE "DENY LOGON THROUGH TS"
>> >> > SETTING!!! WHAT THE HELL? WHY?? AREN'T THEY EXACTLY THE
>> >> > SAME CONSOLE (I mean the GUI and secpol.msc)??? HOW DID
>> >> > THEY GO THERE IN THE "DENY" SETTING? Removed them
>> >> > from there, Remote desktop works...
>> >> >
>> >> > Vera, if you know why just please dont keep the secret...
>> >> >
>> >> > Luca
 
You must log in or register to reply here.

Similar threads

R
Remote Desktop Services sign-in issue -Need help with granting the right to sign in remotely
Replies
0
Views
67
Rufus Daniel John Felix
R
I
How Can I reach Greg Carmack?
Replies
0
Views
83
Ignacio Kairuz
I
T
Can you help me with this issue?
Replies
0
Views
56
Timmy JR
T
S
  • Article
Delivering Delightful Performance for More Than One Billion Users Worldwide
Replies
0
Views
190
Sharif Farag
S
B
  • Article
Announcing Windows 11 Insider Preview Build 25276
Replies
0
Views
234
Brandon LeBlanc
B
Back
Top Bottom