No announcement yet.

Remote Desktop access gone . . .

  • Filter
  • Time
  • Show
Clear All
new posts

  • Remote Desktop access gone . . .

    I was working at a school today, ghosting machines (from a dedicated server) when the computer coordinator asked if I could help with setting up users to allow external access to the domain controller. This is achieved using an activex plug-in, thru a Government portal, since the server is behind a firewall. on a VLAN.

    Following the instructions, we were able to allow access for the Domain Admins. (Obviously, this required changes to the portal beforehand.) The next step was to allow other admin staff access to the server (via Remote Access).

    Anyone except an Admin was refused access with the message "You cannot access this remote server because you do not have . . ." etc - the part about being a member of the Remote Users Group. Fair enough. I went to the Remote Users Group and added one user. No luck. I went to the Default Domain Controller Policy Settings and tried defining settings in Windows/Security Settings/User Rights. When This didn't work, I undid these changes; and the changes to the Remote Users Group.

    After this, all access for any user via Remote Desktop was blocked with the same message. I tried disabling Remote Access; then enabling it. I tried gpupdate /force. Even a restart. There are only 2 settings in Group Policy which relate to Remote Access and both of these are not defined.

    I will admit I am lost and very frustrated. What I am asking is for any tips on other settings that relate to Remote Access. I have always enabled this by Using My Computer/Properties/Remote and enabling this. It's a total nightmare now because the server is locked in a room. Thanks for your time. It's much appreciated.

  • #2
    Re: Remote Desktop access gone . . .

    Have you tried adding the relevant groups into the permissions for the machine???

    Oh and are you using XP???
    Attached Files


    • #3
      Re: Remote Desktop access gone . . .

      you can try:

      To centrally enable Remote Desktop using Group Policy:
      Computer Configuration\Administrative Templates\Windows Components\ Terminal Services
      double-click the Allow users to connect remotely using Terminal Services policy setting.

      this will enable RDP but it will not add users to the RDP group.

      to add users via GPO to the Remote Desktop User Group you can use:

      To add a domain group to the Remote Desktop Users (or any other )group via Group Policy

      To open Group Policy Management Console, click Start, click Run, and then type GPMC.msc.
      Create and link a GPO named Restricted Groups to the terminal server OU.
      Right-click the Restricted Groups GPO linked to the terminal server OU, and then click Edit.
      You can configure the Restricted Groups setting in the following location in Group Policy Object Editor:

      Computer Configuration\Windows Settings\Security Settings\Restricted Groups\
      Right-click Restricted Groups and then click Add Group.
      Click Browse, click Locations, select the locations you want to browse, and then click OK.
      Type Remote Desktop Users in the Enter the object names to select text box and then click Check Names. Or, click Advanced, and then click Find Now to list all available groups.
      Click the Remote Desktop Users group and then click OK.
      Click OK in the Add Groups dialog box to close it. The Remote Desktop Users Properties dialog box is then displayed.
      Click Add in the Members of this group section of the dialog box.
      Click Browse.
      Type the name of the domain group in the Select Users or Groups dialog box. Click Check Names, and then click OK to close this dialog box.
      Click OK to close this dialog box to finish adding the domain group to the Remote Desktop Users group.

      i have this from do a search and you will find more information about this...

      Yaniv F
      MCSE 2000 Done
      RHCE Done


      • #4
        Re: Remote Desktop access gone . . .

        On that DC, check the computer's security policy (secpol.msc).
        You can find two policies here:
        1. Who is allowed permissions for Terminalservices LogOn
        2. Who is denied for Terminalservices LogOn to this computer


        This posting is provided "AS IS" with no warranties, and confers no rights.


        ** Remember to give credit where credit's due **
        and leave Reputation Points for meaningful posts