Guest Colleen Posted August 3, 2007 Posted August 3, 2007 I have installed 7 TS user licenses and have the Domain Controller set up as the licensed terminal server. Members of the admin group can TS to the machine, but the users added to the built-in RDU group cannot. I am getting the message:To log on this remote computer, you must be granted the Allow Log on through Terminal Services rigtht. By default , members of the Remote Desktop .... " - the same one Rene in her thread was getting. Because the terminal server is a Domain Controller, I cannot give 'local' access to the machine, nor is it available in Computer Management in order to do the access manually. I manually added the RDU Group into the Domain Policy for local logon, but still no luck. Any ideas?
Guest Jeff Posted August 3, 2007 Posted August 3, 2007 RE: Remote Desktop Users Group Not Allowing TS Connection From Vera, the repository of TS info :) The installation doesn't differ from installing TS on a member server, but the default permissions do not allow normal user to connect to a TS running on a DC. And there are some very good reasons for that. Keep in mind that a terminal Server is just a multi-user workstation. Do you really want your users to logon to your DC and use it as their workstation? I must strongly suggest that you don't do this. Apart from the security risks, you could face performance problems as well. A DC in an Active Directory domain has quite some roles already, which are performed in the background. A TS is tuned differently to provide the quickest response times for interactive users. This can easily lead to performance problems for both the DC-role and the TS-role. That said, if you want to continue with this setup, you will have to modify the Default Domain Controller Security Policy to grant your users the right to Logon through Terminal Services. "Colleen" wrote: > I have installed 7 TS user licenses and have the Domain Controller set up as > the licensed terminal server. Members of the admin group can TS to the > machine, but the users added to the built-in RDU group cannot. I am getting > the message:To log on this remote computer, you must be granted the Allow Log > on > through Terminal Services rigtht. By default , members of the Remote Desktop > ... " - the same one Rene in her thread was getting. > > Because the terminal server is a Domain Controller, I cannot give 'local' > access to the machine, nor is it available in Computer Management in order to > do the access manually. I manually added the RDU Group into the Domain > Policy for local logon, but still no luck. > > Any ideas?
Recommended Posts