problem with remote desktop for administration


  • problem with remote desktop for administration

    I have a Windows Server 2003 SP1 domain and 45 workstations on Windows XP SP2. Until yesterday I could connect to the server from every workstation in the domain: I start Remote Desktop Connection on a workstation, and when the logon window on the server opens I type the username and password and I am connected to the server. Today I found that I can also do it with the local administrator account from a workstation.

    I tried to prevent that by setting a GPO on the domain, whose name is "terminal service" (computer configuration/windows settings/security settings/local policies/user right access/ logon through terminal service and deny logon through terminal service). In the GPO I set, in logon through terminal service: administrators, and in deny logon through terminal service: first users, then everyone. I refreshed the GPO with gpupdate /force. I restarted the computer, but I received a problem: the domain policy and the domain controller policy are corrupted. I used the tool dcgpofix /target:both and recovered those policies.

    There is still a problem. When I try to connect over Remote Desktop from any workstation to the server, I receive the message 'Local policy does not permit you to log on interactively'. Then I found a guide on the internet saying that the GPO needs to be set on the domain controller policy: http://ts.veranoest.net/ts_logon.asp. But again nothing. I tried deleting both GPOs, on the domain and on the domain controller, but nothing. I put users and groups in the Remote Desktop group, but nothing. In Terminal Services Configuration, under connection RDP-Tcp/properties, in security, the Remote Desktop group has access. I don't know what to do. How can I restrict access to the server to only the Administrators group, so that nobody else has access any longer?
    Thanks

  • #2
    Re: problem with remote desktop for administration

    Please use RSoP or gpresult to find out which GPOs are applying to your user/computer.
    Also, you may need to force permission for the domain admin like:

    Logon Local
    Logon via Terminal Server etc.

    By the way, why don't you update the Win 2003 to the latest service pack/hotfix?!
    Best Regards,

    Yuval Sinay

    LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14



    • #3
      Re: problem with remote desktop for administration

      I used gpresult and found that my terminal service policy is applied on the domain, but the policy doesn't activate. I searched on the internet and found this on the Microsoft site:
      Also, make sure that the Remote Desktop Users group has sufficient permissions to log on through Terminal Services. To do this, follow these steps:
      Click Start, click Run, type secpol.msc, and then click OK.
      Expand Local Policies, and then click User Rights Assignment.
      In the right pane, double-click Allow logon through Terminal Services. Make sure that the Remote Desktop Users group is listed.
      Click OK.
      In the right pane, double-click Deny logon through Terminal Services. Make sure that the Remote Desktop Users group is not listed, and then click OK.
      Close the Local Security Settings snap-in.
      I didn't check the local security policy of my server. The domain and domain controller policies are checked, and in computer configuration/windows settings/security settings/local policies/user right access/ logon through terminal service and deny logon through terminal service I don't have anybody.
      I don't know how to force permissions for the domain admin.



      • #4
        Re: problem with remote desktop for administration

        Please give the domain admins + remote desktop group a logon permission to TS and then use gpupdate /force
        Best Regards,

        Yuval Sinay

        LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14



        • #5
          Re: problem with remote desktop for administration

          Where do I give the domain admins + remote desktop group a logon permission to TS: in the domain GPO or the domain controller GPO? I tried in both and used gpupdate /force, but nothing.



          • #6
            Re: problem with remote desktop for administration

            Domain Controller GPO... and you can use gpresult/RSoP to verify the settings.
            Best Regards,

            Yuval Sinay

            LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14



            • #7
              Re: problem with remote desktop for administration

              I reverted everything and everything is fine. How do I prevent local administrators on workstations from accessing the remote Windows Server 2003 machine that is the domain controller?



              • #8
                Re: problem with remote desktop for administration

                Regular users don't have permission to log on to the TS.
                However, if the DC is set to be a TS and/or permissions were set (e.g. logon local, logon via TS - on the DC GPO), users can log in to the DC.
                Best Regards,

                Yuval Sinay

                LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14
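
Added example, not part of the thread or any poster's code: a small Python audit of the two Terminal Services user rights discussed above, run over the text of a `secedit /export /cfg rights.inf /areas USER_RIGHTS` export from the domain controller. It flags the state described in the first post, where Users and Everyone in the deny right also cover administrators and deny takes precedence over allow. The function names and the sample INF text are constructed for illustration; a real export is normally UTF-16 and must be decoded before parsing.

```python
# Well-known SIDs as they appear in a `secedit /export` INF (prefixed with '*').
WELL_KNOWN = {
    "*S-1-1-0": "Everyone",
    "*S-1-5-11": "Authenticated Users",
    "*S-1-5-32-544": "Administrators",
    "*S-1-5-32-545": "Users",
    "*S-1-5-32-555": "Remote Desktop Users",
}
BROAD = {"Everyone", "Authenticated Users", "Users"}  # normally include admins too
ALLOW = "SeRemoteInteractiveLogonRight"      # Allow log on through Terminal Services
DENY = "SeDenyRemoteInteractiveLogonRight"   # Deny log on through Terminal Services

def parse_rights(inf_text):
    """Return {right: [principal, ...]} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, value = line.partition("=")
            members = [m.strip() for m in value.split(",") if m.strip()]
            rights[name.strip()] = [WELL_KNOWN.get(m, m) for m in members]
    return rights

def audit_ts_logon(inf_text, wanted=("Administrators",)):
    """Check the Terminal Services logon rights against an admins-only goal."""
    rights = parse_rights(inf_text)
    allow, deny = rights.get(ALLOW, []), rights.get(DENY, [])
    findings = []
    for group in deny:
        if group in BROAD or group in wanted:
            findings.append(f"LOCKOUT: {group} is in the deny right; deny wins over allow")
    for group in wanted:
        if group not in allow:
            findings.append(f"MISSING: {group} is not in the allow right")
    for group in allow:
        if group not in wanted:
            findings.append(f"EXTRA: {group} can log on through Terminal Services")
    return findings

# Constructed sample: the state described in the first post (deny = Users, Everyone).
SAMPLE_BROKEN = """[Privilege Rights]
SeRemoteInteractiveLogonRight = *S-1-5-32-544
SeDenyRemoteInteractiveLogonRight = *S-1-5-32-545,*S-1-1-0
"""
SAMPLE_FIXED = SAMPLE_BROKEN.replace("*S-1-5-32-545,*S-1-1-0", "")

if __name__ == "__main__":
    print("\n".join(audit_ts_logon(SAMPLE_BROKEN)))
```

An empty result for `SAMPLE_FIXED` means only Administrators hold the allow right and nothing is denied, which is the admins-only outcome asked for in the first post.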
