Users can only login to one TS server



Posted

Hi,

We have 3 terminal servers running windows 2003 SP2 R2. One is working

correctly. When the same user tries to access another server they get this

error: "you must be granted the Allow logon through terminal services right.

Members of the remote desktop users have this right." I don't know if it

makes a difference but the one working server is x64 and the other 2 aren't.

I tried changing the group policy to allow logon through terminal services

but this didn't help. Any other suggestions?

Thanks

Guest Vera Noest [MVP]
Posted

Re: Users can only login to one TS server

 

Are all servers member servers in a domain?

Are the users members of the local built-in Remote Desktop Users

group on each server?

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

___ please respond in newsgroup, NOT by private email ___

 

Jared <Jared@discussions.microsoft.com> wrote on 17

Oct 2007 in microsoft.public.windows.terminal_services:

> Hi,

> We have 3 terminal servers running windows 2003 SP2 R2. One is

> working correctly. When the same user tries to access another

> server they get this error: "you must be granted the Allow logon

> through terminal services right. Members of the remote desktop

> users have this right." I don't know if it makes a difference

> but the one working server is x64 and the other 2 aren't. I

> tried changing the group policy to allow logon through terminal

> services but this didn't help. Any other suggestions?

> Thanks

Posted

Re: Users can only login to one TS server

 

Jared wrote:

> Hi,

> We have 3 terminal servers running windows 2003 SP2 R2. One is working

> correctly. When the same user tries to access another server they get this

> error: "you must be granted the Allow logon through terminal services right.

> Members of the remote desktop users have this right." I don't know if it

> makes a difference but the one working server is x64 and the other 2 aren't.

> I tried changing the group policy to allow logon through terminal services

> but this didn't help. Any other suggestions?

> Thanks

 

Are you sure this user is in a group or has been added

to the LOCAL TS RDP group on all servers?

 

I like to use security groups for multiple TS servers. It makes

administration easier and more manageable.

 

moncho

Posted

Re: Users can only login to one TS server

 

I thought yes to both but how can I confirm?

Thanks

 

 

"Vera Noest [MVP]" wrote:

> Are all servers member servers in a domain?

> Are the users members of the local built-in Remote Desktop Users

> group on each server?

> _________________________________________________________

> Vera Noest

> MCSE, CCEA, Microsoft MVP - Terminal Server

> TS troubleshooting: http://ts.veranoest.net

> ___ please respond in newsgroup, NOT by private email ___


Guest Vera Noest [MVP]
Posted

Re: Users can only login to one TS server

 

If you don't know if your server is a Domain Controller, it

probably (hopefully :-) isn't.

You can check it by running Start - Administrative tools - Active

Directory Users and Computers. Find your server's computer account,

it's probably either in the OU "Domain Controllers" or in the OU

"Computers". Right-click the computer account - Properties. On the

General tab, there's a box named "Role". This lists it either as a

"Domain Controller", or a "Workstation or Server."

 

To check membership of the local Remote Desktop User group:

Start - Administrative tools - Computer Management - Local users

and Groups - Groups - Remote Desktop Users.

_________________________________________________________

Vera Noest MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

___ please respond in newsgroup, NOT by private email ___

 

Jared <Jared@discussions.microsoft.com> wrote on 17

Oct 2007 in microsoft.public.windows.terminal_services:

> I thought yes to both but how can I confirm?

> Thanks


Posted

Re: Users can only login to one TS server

 

It turned out I was checking the local tcp group but I didn't know I needed

to add the user to the local desktop users as well. Why do I set this in AD

if I still need to add them to the local computer? Is there a way to automate

this when they are added to the remote desktop group?

 

"Vera Noest [MVP]" wrote:

> If you don't know if your server is a Domain Controller, it

> probably (hopefully :-) isn't.

> You can check it by running Start - Administrative tools - Active

> Directory Users and Computers. Find your server's computer account,

> it's probably either in the OU "Domain Controllers" or in the OU

> "Computers". Right-click the computer account - Properties. On the

> General tab, there's a box named "Role". This lists it either as a

> "Domain Controller", or a "Workstation or Server."

>

> To check membership of the local Remote Desktop User group:

> Start - Administrative tools - Computer Management - Local users

> and Groups - Groups - Remote Desktop Users.

> _________________________________________________________

> Vera Noest MCSE, CCEA, Microsoft MVP - Terminal Server

> TS troubleshooting: http://ts.veranoest.net

> ___ please respond in newsgroup, NOT by private email ___


Guest Vera Noest [MVP]
Posted

Re: Users can only login to one TS server

 

What do you mean with "the local tcp group"?

And what do you set in AD?

 

The *only* thing you have to do is to make the users (or better: a

group to which the users belong) members of the local Remote

Desktop Users group on the TS.

Assuming a default installation, this will automatically give them

the "Logon through Terminal Services" right, as well as the proper

permissions on the rdp-tcp connection.

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

___ please respond in newsgroup, NOT by private email ___

 

Jared <Jared@discussions.microsoft.com> wrote on 17

Oct 2007 in microsoft.public.windows.terminal_services:

> It turned out I was checking the local tcp group but I didn't

> know I needed to add the user to the local desktop users as

> well. Why do I set this in AD if I still need to add them to the

> local computer? Is there a way to automate this when they are

> added to the remote desktop group?


Posted

Re: Users can only login to one TS server

 

To see why my users couldn't login to the other servers I checked that they

were members of the remote login group in AD and that their AD profile didn't

have any ticks against them logging in remotely. I also checked that the

remote desktop user group was in the rdp-tcp connection on the local

computer. What I didn't realise till coming here was that the desktop user

group on the server was local to that machine and not the AD group. So what I

did was add my users to the remote desktop group on the local machine and now

login works fine.

 

My question is why can't I just add my users in AD and see them show up on

any server running terminal services? Really what I want is a way to do this

so I'm not constantly adding and removing users on individual servers.

Thanks a lot

Jared

 

"Vera Noest [MVP]" wrote:

> What do you mean with "the local tcp group"?

> And what do you set in AD?

>

> The *only* thing you have to do is to make the users (or better: a

> group to which the users belong) members of the local Remote

> Desktop Users group on the TS.

> Assuming a default installation, this will automatically give them

> the "Logon through Terminal Services" right, as well as the proper

> permissions on the rdp-tcp connection.

> _________________________________________________________

> Vera Noest

> MCSE, CCEA, Microsoft MVP - Terminal Server

> TS troubleshooting: http://ts.veranoest.net

> ___ please respond in newsgroup, NOT by private email ___


Posted

Re: Users can only login to one TS server

 

Jared wrote:

> To see why my users couldn't login to the other servers I checked that they

> were members of the remote login group in AD and that their AD profile didn't

> have any ticks against them logging in remotely. I also checked that the

> remote desktop user group was in the rdp-tcp connection on the local

> computer. What I didn't realise till coming here was that the desktop user

> group on the server was local to that machine and not the AD group. So what I

> did was add my users to the remote desktop group on the local machine and now

> login works fine.

>

> My question is why can't I just add my users in AD and see them show up on

> any server running terminal services? Really what I want is a way to do this

> so I'm not constantly adding and removing users on individual servers.

> Thanks a lot

 

I was not clear in my other post, sorry about that.

 

Why "can't I just add my users in AD and see them show up on

any server running terminal services?" I do not know, but I

do not fight it either. Someone out here in newsgroup land may

have an answer.

 

The best thing to do is create a security group in AD. Call it

TSUsers or something. Add all the users you want access to

the TS servers to this group.

 

Add the TSUsers group to the local RDU group on all your TS servers.

Now when you want a new/existing user to have access to the TS

servers, just add them to the security group in AD.

 

Now if you only want certain users to have access to specific

TS servers, just create multiple security groups and add the

users accordingly.

 

moncho


Guest Vera Noest [MVP]
Posted

Re: Users can only login to one TS server

 

You don't have to create this group, it already exists!

Put the users in the domain-wide AD Remote Desktop Users group, and

then add the domain group Remote Desktop Users to the local Remote

Desktop Users group on every TS.

 

The reason that this isn't done automatically is that you could

have different Terminal Servers, with different user groups for

each TS.

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

___ please respond in newsgroup, NOT by private email ___

 

moncho <moncho@NOspmanywhere.com> wrote on 18 Oct 2007 in

microsoft.public.windows.terminal_services:

> Jared wrote:

>> To see why my users couldn't login to the other servers I

>> checked that they were members of the remote login group in AD

>> and that their AD profile didn't have any ticks against them

>> logging in remotely. I also checked that the remote desktop

>> user group was in the rdp-tcp connection on the local

>> computer. What I didn't realise till coming here was that the

>> desktop user group on the server was local to that machine and

>> not the AD group. So what I did was add my users to the remote

>> desktop group on the local machine and now login works fine.

>>

>> My question is why can't I just add my users in AD and see them

>> show up on any server running terminal services? Really what I

>> want is a way to do this so I'm not constantly adding and removing

>> users on individual servers. Thanks a lot

>

> I was not clear in my other post, sorry about that.

>

> Why "can't I just add my users in AD and see them show up on

> any server running terminal services?" I do not know, but I

> do not fight it either. Someone out here in newsgroup land may

> have an answer.

>

> The best thing to do is create a security group in AD. Call it

> TSUsers or something. Add all the users you want access to

> the TS servers to this group.

>

> Add the TSUsers group to the local RDU group on all your TS

> servers. Now when you want a new/existing user to have access to

> the TS servers, just add them to the security group in AD.

>

> Now if you only want certain users to have access to specific

> TS servers, just create multiple security groups and add the

> users accordingly.

>

> moncho


Posted

Re: Users can only login to one TS server

 

There is no domain-wide Remote Desktop Users group. There

is a Builtin local Remote Desktop Users group for the domain

controllers, but you can't add a builtin local group to another

builtin group.

 

Also, you would not normally want to add users to the domain

Remote Desktop Users because that would make the users a

member of RDU for all the domain controllers.

 

What is typical is to create a new group in the domain and

then add the TS server's local RDU group to the new domain

group. This allows the admin to make a user a member of

the domain group when they need to grant access to the TS

(or multiple TSs if they want).

 

-TP

 

Vera Noest [MVP] wrote:

> You don't have to create this group, it already exists!

> Put the users in the domain-wide AD Remote Desktop Users group, and

> then add the domain group Remote Desktop Users to the local Remote

> Desktop Users group on every TS.

>

> The reason that this isn't done automatically is that you could

> have different Terminal Servers, with different user groups for

> each TS.

> _________________________________________________________

> Vera Noest

> MCSE, CCEA, Microsoft MVP - Terminal Server

> TS troubleshooting: http://ts.veranoest.net

> ___ please respond in newsgroup, NOT by private email ___

>

> moncho <moncho@NOspmanywhere.com> wrote on 18 Oct 2007 in

> microsoft.public.windows.terminal_services:

Guest Vera Noest [MVP]
Posted

Re: Users can only login to one TS server

 

Oops, don't know where I had my brains yesterday!

Thanks for correcting me, TP!

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

*----------- Please reply in newsgroup -------------*

 

"TP" <tperson.knowspamn@mailandnews.com> wrote on 18 Oct 2007:

> There is no domain-wide Remote Desktop Users group. There

> is a Builtin local Remote Desktop Users group for the domain

> controllers, but you can't add a builtin local group to another

> builtin group.

>

> Also, you would not normally want to add users to the domain

> Remote Desktop Users because that would make the users a

> member of RDU for all the domain controllers.

>

> What is typical is to create a new group in the domain and

> then add the TS server's local RDU group to the new domain

> group. This allows the admin to make a user a member of

> the domain group when they need to grant access to the TS

> (or multiple TSs if they want).

>

> -TP



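The arrangement moncho describes earlier in the thread (one domain security group added to the local Remote Desktop Users group on every terminal server), as an added example that is not part of the original posts. It goes slightly beyond the thread by also listing accounts that were added to the local group one by one. The server names and the domain name are placeholders, TSUsers is the name suggested in the thread, and PowerShell 2.0 or later is assumed on the machine running it.

```powershell
# Added example (not from the thread). Server names and the domain are placeholders;
# TSUsers is the group name suggested in the thread.
param(
    [string[]]$Servers = @('TS01', 'TS02', 'TS03'),  # hypothetical terminal servers
    [string]$Domain    = 'EXAMPLE',                  # hypothetical NetBIOS domain name
    [string]$Group     = 'TSUsers',                  # domain group that holds the TS users
    [switch]$Fix                                     # without -Fix the script only reports
)

$LocalGroup = 'Remote Desktop Users'

function Get-AdsiProperty($Object, [string]$Name) {
    # Members() hands back raw COM objects, so read their properties via reflection.
    $Object.GetType().InvokeMember($Name, 'GetProperty', $null, $Object, $null)
}

function Get-LocalGroupMember([string]$Server, [string]$GroupName) {
    # The WinNT provider reads the machine-local group, not an AD group of the same name.
    $grp = [ADSI]"WinNT://$Server/$GroupName,group"
    foreach ($m in @($grp.psbase.Invoke('Members'))) {
        New-Object PSObject -Property @{
            Name  = Get-AdsiProperty $m 'Name'
            Class = Get-AdsiProperty $m 'Class'      # 'User' or 'Group'
            Path  = Get-AdsiProperty $m 'ADsPath'    # e.g. WinNT://EXAMPLE/TSUsers
        }
    }
}

$wanted = "WinNT://$Domain/$Group"

foreach ($server in $Servers) {
    try {
        $members = @(Get-LocalGroupMember $server $LocalGroup)
    } catch {
        Write-Warning "${server}: cannot read '$LocalGroup': $($_.Exception.Message)"
        continue
    }

    # Is the domain group already nested in the local group on this server?
    $hasGroup = @($members | Where-Object { $_.Path -eq $wanted }).Count -gt 0

    # Accounts added one by one are what the thread is trying to get away from:
    # they grant RDP logon on this server outside the AD group.
    $direct = @($members | Where-Object { $_.Class -eq 'User' } | ForEach-Object { $_.Name })

    $action = 'none'
    if (-not $hasGroup) {
        if ($Fix) {
            $grp = [ADSI]"WinNT://$server/$LocalGroup,group"
            $grp.psbase.Invoke('Add', "$wanted,group")
            $action = 'added'
        } else {
            $action = 'missing (rerun with -Fix)'
        }
    }

    # One report row per server.
    New-Object PSObject -Property @{
        Server        = $server
        DomainGroupIn = $hasGroup -or ($action -eq 'added')
        Action        = $action
        DirectUsers   = $direct -join ', '
    }
}
```

Run it with an account that has administrative rights on each server; the DirectUsers column shows who holds Remote Desktop access on a server without going through the domain group.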