Jump to content

Need to give NON-Admin ability to use TS Manager to Remote Contol others sessions

Guest Leythos

By Guest Leythos
in Windows NT Server

 Share

Recommended Posts

Guest Leythos

Guest Leythos

Posted
Posted

I have a client that wants to give a non-admin the ability to remote

control other users terminal sessions via the TS Manager.

 

Any articles on how to setup a "Domain User" with such permission?

 

--

- Igitur qui desiderat pacem, praeparet bellum.

- Calling an illegal alien an "undocumented worker" is like calling a

drug dealer an "unlicensed pharmacist"

spam999free@rrohio.com (remove 999 for proper email address)

  • Replies 10
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Vera Noest [MVP]

Guest Vera Noest [MVP]

Posted
Posted

Re: Need to give NON-Admin ability to use TS Manager to Remote Contol others sessions

 

Modify the user's rights on the rdp-tcp connection. Applies to 2003

as well.

 

243554 - Explanation of RDP-TCP Permissions in Windows 2000

http://support.microsoft.com/?kbid=243554

 

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

*----------- Please reply in newsgroup -------------*

 

Leythos <void@nowhere.lan> wrote on 21 jul 2008:

> I have a client that wants to give a non-admin the ability to

> remote control other users terminal sessions via the TS Manager.

>

> Any articles on how to setup a "Domain User" with such

> permission?

Guest Soo Kuan Teo [MSFT]

Guest Soo Kuan Teo [MSFT]

Posted
Posted

Re: Need to give NON-Admin ability to use TS Manager to Remote Contol others sessions

 

Can you please share with us why do you want to let non-admin to remote

control other users?

 

 

--

This posting is provided "AS IS" with no warranties, and confers no rights.

 

"Vera Noest [MVP]" <Vera.Noest@remove-this.hem.utfors.se> wrote in message

news:Xns9AE2A3E61CF75veranoesthemutforsse@207.46.248.16...

> Modify the user's rights on the rdp-tcp connection. Applies to 2003

> as well.

>

> 243554 - Explanation of RDP-TCP Permissions in Windows 2000

> http://support.microsoft.com/?kbid=243554

>

> _________________________________________________________

> Vera Noest

> MCSE, CCEA, Microsoft MVP - Terminal Server

> TS troubleshooting: http://ts.veranoest.net

> *----------- Please reply in newsgroup -------------*

>

> Leythos <void@nowhere.lan> wrote on 21 jul 2008:

>

>> I have a client that wants to give a non-admin the ability to

>> remote control other users terminal sessions via the TS Manager.

>>

>> Any articles on how to setup a "Domain User" with such

>> permission?

Guest Jeff Pitsch

Guest Jeff Pitsch

Posted
Posted

Re: Need to give NON-Admin ability to use TS Manager to Remote Contol others sessions

 

Keep in mind this will give those users the ability to shadow EVERYBODY on

the system. It cannot be filtered.

 

Jeff Pitsch

Microsoft MVP - Terminal Services

 

"Vera Noest [MVP]" <Vera.Noest@remove-this.hem.utfors.se> wrote in message

news:Xns9AE2A3E61CF75veranoesthemutforsse@207.46.248.16...

> Modify the user's rights on the rdp-tcp connection. Applies to 2003

> as well.

>

> 243554 - Explanation of RDP-TCP Permissions in Windows 2000

> http://support.microsoft.com/?kbid=243554

>

> _________________________________________________________

> Vera Noest

> MCSE, CCEA, Microsoft MVP - Terminal Server

> TS troubleshooting: http://ts.veranoest.net

> *----------- Please reply in newsgroup -------------*

>

> Leythos <void@nowhere.lan> wrote on 21 jul 2008:

>

>> I have a client that wants to give a non-admin the ability to

>> remote control other users terminal sessions via the TS Manager.

>>

>> Any articles on how to setup a "Domain User" with such

>> permission?

Guest Leythos

Guest Leythos

Posted
Posted

Re: Need to give NON-Admin ability to use TS Manager to Remote Contol others sessions

 

In article <Xns9AE2A3E61CF75veranoesthemutforsse@207.46.248.16>,

Vera.Noest@remove-this.hem.utfors.se says...

> Modify the user's rights on the rdp-tcp connection. Applies to 2003

> as well.

>

> 243554 - Explanation of RDP-TCP Permissions in Windows 2000

> http://support.microsoft.com/?kbid=243554

 

Vera, I created a Security Group and added the users into it, gave them

same permissions as "Users" and added "Remote Control" permission and

they get a denied error when trying to Remote Control any other users

session... Any ideas?

 

Thanks.

 

--

- Igitur qui desiderat pacem, praeparet bellum.

- Calling an illegal alien an "undocumented worker" is like calling a

drug dealer an "unlicensed pharmacist"

spam999free@rrohio.com (remove 999 for proper email address)

Guest Leythos

Guest Leythos

Posted
Posted

Re: Need to give NON-Admin ability to use TS Manager to Remote Contol others sessions

 

In article <eZxns306IHA.5012@TK2MSFTNGP02.phx.gbl>,

jeff@jeffpitschconsulting.com says...

> Keep in mind this will give those users the ability to shadow EVERYBODY on

> the system. It cannot be filtered.

 

Yep, I know and I'm unable to stop it, the manager in charge wants this

function for a few users to help with problems and training and I have

no say in this.

 

 

--

- Igitur qui desiderat pacem, praeparet bellum.

- Calling an illegal alien an "undocumented worker" is like calling a

drug dealer an "unlicensed pharmacist"

spam999free@rrohio.com (remove 999 for proper email address)

Guest Leythos

Guest Leythos

Posted
Posted

Re: Need to give NON-Admin ability to use TS Manager to Remote Contol others sessions

 

In article <1216665643_198872@news.usenet.com>, void@nowhere.lan says...

> In article <Xns9AE2A3E61CF75veranoesthemutforsse@207.46.248.16>,

> Vera.Noest@remove-this.hem.utfors.se says...

> > Modify the user's rights on the rdp-tcp connection. Applies to 2003

> > as well.

> >

> > 243554 - Explanation of RDP-TCP Permissions in Windows 2000

> > http://support.microsoft.com/?kbid=243554

>

> Vera, I created a Security Group and added the users into it, gave them

> same permissions as "Users" and added "Remote Control" permission and

> they get a denied error when trying to Remote Control any other users

> session... Any ideas?

 

Ok, so I'm getting "Session (ID 6) Remote Control Failed Error 5 -

Access is Denied) from Terminal Services Manager when trying to control

a session for a test user.

 

On the "terminal server configuration" settings, I selected

"Connections" and then Selected "RDP-TCP" and then right click and

Properties, Permissions Tab, added the Security group I created for

users, it's got User/Guest selected, and then I did Advanced (for

special) and enabled Query, Remote Control, Logon, Message, Connect, all

others are unchecked - none are set to deny.

 

I've logged off as the two users - one the new Remote Control user and

the other a test generic user to take control of.

 

Logged back in a both, and get the access denied error.

 

I also tried setting the Security Group to FULL ACCESS and still get

access denied.

 

Any other ideas?

 

--

- Igitur qui desiderat pacem, praeparet bellum.

- Calling an illegal alien an "undocumented worker" is like calling a

drug dealer an "unlicensed pharmacist"

spam999free@rrohio.com (remove 999 for proper email address)

Guest Vera Noest [MVP]

Guest Vera Noest [MVP]

Posted
Posted

Re: Need to give NON-Admin ability to use TS Manager to Remote Contol others sessions

 

Leythos <void@nowhere.lan> wrote on 21 jul 2008 in

microsoft.public.windows.terminal_services:

> In article <1216665643_198872@news.usenet.com>, void@nowhere.lan

> says...

>> In article

>> <Xns9AE2A3E61CF75veranoesthemutforsse@207.46.248.16>,

>> Vera.Noest@remove-this.hem.utfors.se says...

>> > Modify the user's rights on the rdp-tcp connection. Applies

>> > to 2003 as well.

>> >

>> > 243554 - Explanation of RDP-TCP Permissions in Windows 2000

>> > http://support.microsoft.com/?kbid=243554

>>

>> Vera, I created a Security Group and added the users into it,

>> gave them same permissions as "Users" and added "Remote

>> Control" permission and they get a denied error when trying to

>> Remote Control any other users session... Any ideas?

>

> Ok, so I'm getting "Session (ID 6) Remote Control Failed Error 5

> - Access is Denied) from Terminal Services Manager when trying

> to control a session for a test user.

>

> On the "terminal server configuration" settings, I selected

> "Connections" and then Selected "RDP-TCP" and then right click

> and Properties, Permissions Tab, added the Security group I

> created for users, it's got User/Guest selected, and then I did

> Advanced (for special) and enabled Query, Remote Control, Logon,

> Message, Connect, all others are unchecked - none are set to

> deny.

>

> I've logged off as the two users - one the new Remote Control

> user and the other a test generic user to take control of.

>

> Logged back in a both, and get the access denied error.

>

> I also tried setting the Security Group to FULL ACCESS and still

> get access denied.

>

> Any other ideas?

 

No, sorry, I thought that this would work. Will have to do some

testing.

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

___ please respond in newsgroup, NOT by private email ___

Guest Leythos

Guest Leythos

Posted
Posted

Re: Need to give NON-Admin ability to use TS Manager to Remote Contol others sessions

 

In article <Xns9AE2DEC8F69F1veranoesthemutforsse@207.46.248.16>,

vera.noest@remove-this.hem.utfors.se says...

> > Ok, so I'm getting "Session (ID 6) Remote Control Failed Error 5

> > - Access is Denied) from Terminal Services Manager when trying

> > to control a session for a test user.

> >

> > On the "terminal server configuration" settings, I selected

> > "Connections" and then Selected "RDP-TCP" and then right click

> > and Properties, Permissions Tab, added the Security group I

> > created for users, it's got User/Guest selected, and then I did

> > Advanced (for special) and enabled Query, Remote Control, Logon,

> > Message, Connect, all others are unchecked - none are set to

> > deny.

> >

> > I've logged off as the two users - one the new Remote Control

> > user and the other a test generic user to take control of.

> >

> > Logged back in a both, and get the access denied error.

> >

> > I also tried setting the Security Group to FULL ACCESS and still

> > get access denied.

> >

> > Any other ideas?

>

> No, sorry, I thought that this would work. Will have to do some

> testing.

 

I'm getting the impression that the group must also me a member of some

other group on the terminal server for this to work - I've read reports

about people making the user a member of the LOCAL T/S administrators

group, but that's really bad, so that's out.

 

If you find something please let me know, thanks.

 

--

- Igitur qui desiderat pacem, praeparet bellum.

- Calling an illegal alien an "undocumented worker" is like calling a

drug dealer an "unlicensed pharmacist"

spam999free@rrohio.com (remove 999 for proper email address)

Guest Leythos

Guest Leythos

Posted
Posted

Re: Need to give NON-Admin ability to use TS Manager to Remote Contol others sessions

 

In article <1216678143_198903@news.usenet.com>, void@nowhere.lan says...

> > No, sorry, I thought that this would work. Will have to do some

> > testing.

>

> I'm getting the impression that the group must also me a member of some

> other group on the terminal server for this to work - I've read reports

> about people making the user a member of the LOCAL T/S administrators

> group, but that's really bad, so that's out.

>

> If you find something please let me know, thanks.

 

After waiting 30 minutes and trying again, it works. Must have been some

lag between creating two new test accounts and permissions and when it

replicated to the terminal server from the DC.

 

Thanks for the link to the article.

 

--

- Igitur qui desiderat pacem, praeparet bellum.

- Calling an illegal alien an "undocumented worker" is like calling a

drug dealer an "unlicensed pharmacist"

spam999free@rrohio.com (remove 999 for proper email address)

Guest Vera Noest [MVP]

Guest Vera Noest [MVP]

Posted
Posted

Re: Need to give NON-Admin ability to use TS Manager to Remote Contol others sessions

 

Leythos <void@nowhere.lan> wrote on 22 jul 2008:

> In article <1216678143_198903@news.usenet.com>, void@nowhere.lan

> says...

>> > No, sorry, I thought that this would work. Will have to do

>> > some testing.

>>

>> I'm getting the impression that the group must also me a member

>> of some other group on the terminal server for this to work -

>> I've read reports about people making the user a member of the

>> LOCAL T/S administrators group, but that's really bad, so

>> that's out.

>>

>> If you find something please let me know, thanks.

>

> After waiting 30 minutes and trying again, it works. Must have

> been some lag between creating two new test accounts and

> permissions and when it replicated to the terminal server from

> the DC.

>

> Thanks for the link to the article.

 

OK, I'm glad that it works now.

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

*----------- Please reply in newsgroup -------------*

 Share
Go to topic listing
×
×
  • Create New...