Announcement

Collapse
No announcement yet.

Only domain admins can logon

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Only domain admins can logon

    Hi All

    I am new to the forum and would like to say hello to all of you. I have come here looking for answers but also hope I may be able to contribute as well.

    I have been stumped on one particular issue that I haven't been able to solve. I have done a search on this forum and haven't come across the answer, it may be here but maybe I haven't put in the correct key words so my apologies in advance if I waste anyones time on redundant questions.

    Anyway, here it goes:

    I have a main server with server 2003, 32 bit as a DC with AD & terminal services. I have added a server with 2003, 64 bit as the main terminal server. It seems to have an issue that if the users in AD are not domain admins, they cannot remote in. I get this message, Its kind of long, it says the following:

    "To log on to this computer, you must have terminal server user access permissions on this computer. By default, members of the remote desktop users group have these permissions. If you are not a member of that has these permissions, or if the remote desktop user group does not have these permissions, you must be granted these permissions manually."

    Well, the users are part of the remote desktop users group. So I decided to remote into my main server with the same user and permission and it goes right in, no problem. If I try it on the new server, no way unless I am a domain admin. I really don't want 10 users to be all domain admins.

    Let me know if anyone has any solutions to this one. Thanks, Steve

  • #2
    Re: Only domain admins can logon

    Hi,

    1. Did you change the server mode ot TS Application (This can be done from add/remove programs)?

    2. Did you add the "domain users" group as members of the "Remote Desktop Users" on the server it self (not the domain build in group....)?
    Best Regards,

    Yuval Sinay

    LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14

    Comment


    • #3
      Re: Only domain admins can logon

      Hi Yuval, Thanks for the reply.

      I didn't change the server mode to TS application. I believe that this has to do with users being able to access programs after the install but I can't get a user to be able to login at all unless they are a domain admin. They, at that point, have access to all the programs. Would this hinder non-domain admins from accessing a remote session?

      You made mention of adding domain users group to the termainal server? The terminal server has remote desktop users on it but not domain users. The main server, where AD resides, allows the same user to login, no problem. The rights are setup exactly the same. The user in question does not have domain users as one of their groups. Shall I add it?

      Comment


      • #4
        Re: Only domain admins can logon

        1. Buy TS Licenses.
        2. Install and activate TS License server.
        3. Import TS licenses.
        4. Change the TS mode to application.
        Best Regards,

        Yuval Sinay

        LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14

        Comment


        • #5
          Re: Only domain admins can logon

          Originally posted by mustang302 View Post
          You made mention of adding domain users group to the termainal server? The terminal server has remote desktop users on it but not domain users. The main server, where AD resides, allows the same user to login, no problem. The rights are setup exactly the same. The user in question does not have domain users as one of their groups. Shall I add it?
          "Domain users" is a Global group. All users should be members of that group by default unless specifically changed.
          When you add the group to the local Remote desktop user group in the TS you need to search for the Domain users group in the Domain or simply just add it with the format "Your Domain\domain users"
          Caesar's cipher - 3

          ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

          SFX JNRS FC U6 MNGR

          Comment

          Working...
          X