Domain Controller GPO

Guest

We had a domain controller fail the other day, which caused us to shift some
server roles around. One of the changes we made was to turn our Terminal
server into a domain controller until we buy some new equipment.

Since DCs don't allow normal users to sign on locally, users couldn't
terminal in anymore. I opened the Domain Controllers GPO, and added user
accounts to the logon locally policy. Then I ran SECEDIT /refreshpolicy
machine_policy. However, unless I add the user to the Admin group, or
Backup Operators, etc. in AD, they are unable to log on to the terminal
server, and get that "The local policy of this system does not permit you to
logon interactively" message.

Any ideas?

Thanks in advance.
 
Derek Melber [MVP]

If it is a 2003 DC, there is now an "Allow Logon through Terminal Services"
user right. Give that one a try.
 
Guest

Unfortunately it's a 2000 DC.

Derek Melber said:
If it is a 2003 DC, there is now an "Allow Logon through Terminal Services"
user right. Give that one a try.
 
Mark Heitbrink [MVP]

Rusty said:
Unfortunately it's a 2000 DC.

If the "logon locally right" is not the problem, check the security
settings of the RDP protocol in TS management.

HTH
Mark
 
Guest

That was actually the first place I checked; all users who log on to TS have
the appropriate permissions. Thanks for your help though.

rusty.
 
