Please Read: Significant Update Planned, Migrating Forum Software This Month

See more
See less

Remote Web Workplace - Non-Admin Account Access

  • Filter
  • Time
  • Show
Clear All
new posts

  • Remote Web Workplace - Non-Admin Account Access

    We have users that log on through RWW here but they've always been set up as local administrators on their particular PCs. We recently updated their PCs and changed their local account type from administrator to a regular user so they couldn't install programs, etc. This then caused a problem to where when they tried to log on through RWW, they got a message stating "You must be granted the 'Allow log on through terminal services right...". I went into the local group policy and added their account under Local Policies->User Rights Assignment->Allow log on through terminal services". Now, when they try to log in, they get "The requested session access is denied". What other permission changes need to be made? I've been scouring google looking for the answer but have come up dry thus far. I apologize if this thread is in the wrong section...wasn't sure which one it should technically go under. The client machine is a Windows 7 box, and the server is SBS 2003 R2.

  • #2
    Re: Remote Web Workplace - Non-Admin Account Access

    Are they members of the local group Remote Desktop Users?
    ** Remember to give credit where credit is due and leave reputation points where appropriate **


    • #3
      Re: Remote Web Workplace - Non-Admin Account Access

      They are. Sorry, I should have mentioned that.


      • #4
        Re: Remote Web Workplace - Non-Admin Account Access

        I finally figured this out. In Windows 7, I went to Sytem Properties -> Remote Tab -> and on the bottom, you can select the users that you want to allow to access the PC remotely. You do this on the actual client machine.


        • #5
          Re: Remote Web Workplace - Non-Admin Account Access

          Most odd, if they are indeed members of the local Remote Desktop Users group then they should already have had the necessary permissions.

          Are you sure you weren't looking at membership of this group within the domain? Be careful because that would grant them permission to logon to your DCs.
          Gareth Howells

          BSc (Hons), MBCS, MCP, MCDST, ICCE

          Any advice is given in good faith and without warranty.

          Please give reputation points if somebody has helped you.

          "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

          "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.