No announcement yet.

SBS Remote Operators & Additional DCs

  • Filter
  • Time
  • Show
Clear All
new posts

  • SBS Remote Operators & Additional DCs


    At a customer site I have a SBS2003R2 server on this server there is phone software installed which allows programming of the Panasonic PABX which is connected via USB. I have a user account configured that has is a member of SBS Remote Operators, that allows the phone company to login and configure phone system. This works all OK.

    The customer opened a second office, so we configure a Windows 2003R2 server as an additional DC on the domain and then located at the 2nd site, both sites are linked via a IPsec Sonicwall VPN. All networking works OK. However the 2nd site has again a Panasonic PABX which is connected via USB and the phone software installed. When the phone company account tries and logs in to that second server, they receive the following error:

    To log on this remote computer, you must be granted the Allow log on through Terminal Services Right........

    I have checked on the 2nd server that SBS Remote Operators have remote desktop access, and that under Terminal Services configuration DOMAIN\Remote Desktop Users have access (SBS Remote Operators is a member of Remote Desktop Users).

    Any ideas why this user cannot RDP to this 2nd DC? I really would like to avoid raising the user priviledges to Domain Admins.

    Any help appreciated!!!

  • #2
    Re: SBS Remote Operators & Additional DCs

    You answered the question yourself. Its because its a DC. Open the local security policy on the DC. (Gpedit.msc) Drill down to user rights assignments under local policies. Double click "allow logon through terminal services right" and specify the users explicitly there. Just to confirm is the second DC SBS? Also open "Deny logon though TS" and see if any users/groups are specified there. By default it should be empty.


    • #3
      Re: SBS Remote Operators & Additional DCs

      Thanks that worked.