problem with remote desktop for administration


This topic contains 7 replies, has 2 voices, and was last updated by gogi100 9 years, 10 months ago.

    gogi100
    Member
    #147507

    I have a Windows Server 2003 SP1 domain and 45 workstations on Win XP SP2. Until yesterday I could connect to the server from every workstation in the domain: I start Remote Desktop Connection on a workstation, and when the logon window on the server opens I type the username and password and I am connected to the server. Today I found that I can also do it with the local administrator account from a workstation. I tried to prevent that, so I set a GPO on the domain, named "terminal service" (computer configuration/windows settings/security settings/local policies/user right access/ logon through terminal service and deny logon through terminal service). In the GPO I set, in logon through terminal service: administrators, and in deny logon through terminal service: first users, then everyone. I refreshed the GPO with gpupdate /force. I restarted the computer, but I got a problem: the domain policy and domain controller policy were corrupted. I used the tool dcgpofix /target:both and recovered those policies. There is still a problem. When I try to connect over remote desktop from any workstation to the server, I receive the message ‘Local policy does not permit you to log on interactively’. Then I found a guide on the internet saying that the GPO needs to be set on the domain controller policy: http://ts.veranoest.net/ts_logon.asp. But again nothing. I tried deleting both GPOs, on the domain and on the domain controller, but nothing. I put users and groups in the remote desktop group, but nothing. In Terminal Services Configuration, under the rdp-tcp connection properties, in security, the remote desktop group has access. I don’t know what to do. How can I restrict access to the server to only the Administrators group, so that the others no longer have access?
    Thanks

    yuval14
    Member
    #174391

    Re: problem with remote desktop for administration

    Please use RSOP or GPResult to find out which GPOs are applying to your user/computer.
    Also, you may need to force permissions for the domain admin, like:

    Logon Local
    Logon via Terminal Server etc.

    BTW, why don't you update the Win 2003 to the latest service pack/hotfix?!

    gogi100
    Member
    #334928

    Re: problem with remote desktop for administration

    I used gpresult and found that my terminal service policy is applied on the domain, but the policy doesn’t activate. I searched on the internet and found this on the Microsoft site:

    Quote:
    Also, make sure that the Remote Desktop Users group has sufficient permissions to log on through Terminal Services. To do this, follow these steps:
    Click Start, click Run, type secpol.msc, and then click OK.
    Expand Local Policies, and then click User Rights Assignment.
    In the right pane, double-click Allow logon through Terminal Services. Make sure that the Remote Desktop Users group is listed.
    Click OK.
    In the right pane, double-click Deny logon through Terminal Services. Make sure that the Remote Desktop Users group is not listed, and then click OK.
    Close the Local Security Settings snap-in.

    I didn’t check the local security policy of my server. The domain and domain controller policies are checked, and in computer configuration/windows settings/security settings/local policies/user right access/ logon through terminal service and deny logon through terminal service I don’t have anybody.
    I don’t know how to force permissions for the domain admin.

    yuval14
    Member
    #174392

    Re: problem with remote desktop for administration

    Please give the domain admins + remote desktop group a logon permission to TS and then use gpupdate /force

    gogi100
    Member
    #334929

    Re: problem with remote desktop for administration

    Where do I give the domain admins + remote desktop group a logon permission to TS: in the domain GPO or the domain controller GPO? I tried in both and ran gpupdate /force, but nothing.

    yuval14
    Member
    #174393

    Re: problem with remote desktop for administration

    Domain Controller GPO… and you can use gpresult/RSOP to verify the settings.

    gogi100
    Member
    #334930

    Re: problem with remote desktop for administration

    I reverted everything and everything is fine. How do I prevent local administrators on workstations from accessing the remote Windows Server 2003 machine that is the domain controller?

    yuval14
    Member
    #174395

    Re: problem with remote desktop for administration

    Regular users don't have permission to log on to the TS.
    However, if the DC is set to be a TS and/or permissions were set (e.g. logon local, logon via TS, on the DC GPO), users can log in to the DC.
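
Added example (not part of the original thread, and not code from either poster): a small audit of an exported user-rights template that flags the lockout described in the first post, where a deny entry for Users or Everyone overrides the allow entry for Administrators. The sample template is constructed, and treating Users and Everyone as covering all administrators assumes default group memberships.

```python
# Added example: audit a `secedit /export` template for the RDP logon rights
# discussed in this thread. SAMPLE_INF is constructed, not taken from the thread.
WELL_KNOWN = {
    "S-1-1-0": "Everyone",
    "S-1-5-32-544": "Administrators",
    "S-1-5-32-545": "Users",
    "S-1-5-32-555": "Remote Desktop Users",
}
ALLOW = "SeRemoteInteractiveLogonRight"     # Allow log on through Terminal Services
DENY = "SeDenyRemoteInteractiveLogonRight"  # Deny log on through Terminal Services
# Assumption (default memberships): a deny on any of these also hits administrators.
COVERS_ADMINS = {"Everyone", "Users", "Administrators"}

SAMPLE_INF = """\
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544
SeRemoteInteractiveLogonRight = *S-1-5-32-544
SeDenyRemoteInteractiveLogonRight = *S-1-5-32-545,*S-1-1-0
[Version]
signature="$CHICAGO$"
"""

def parse_privilege_rights(inf_text):
    """Return {right: [principal, ...]} from the [Privilege Rights] section."""
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section == "privilege rights" and "=" in line:
            name, _, value = line.partition("=")
            members = [m.strip().lstrip("*") for m in value.split(",") if m.strip()]
            rights[name.strip()] = [WELL_KNOWN.get(m, m) for m in members]
    return rights

def audit_rdp_rights(inf_text):
    """List findings about who can and cannot log on through Terminal Services."""
    rights = parse_privilege_rights(inf_text)
    allow, deny = rights.get(ALLOW, []), rights.get(DENY, [])
    findings = []
    if "Administrators" not in allow:
        findings.append("Administrators missing from allow list")
    for who in deny:
        if who in COVERS_ADMINS:
            findings.append(f"deny entry '{who}' overrides allow for Administrators")
    return findings
```

The input can be produced on the server with `secedit /export /cfg rights.inf /areas USER_RIGHTS`; the exported file is UTF-16, so read it with `encoding="utf-16"` before passing the text to `audit_rdp_rights`.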
