Group Policy, Remote Desktop and Domain Controller question

G

Guest

I have a 2k3 DC. I want to give an ordinary user the rights to use Remote
Desktop to access the Domain Controller.

It was my understanding that, on the Domain Controller, I would...

1) Enable Remote Desktop on the DC
2) Put the user in the Remote Desktop Users Group
3) Modify the Domain Controllers GPO to allow that user the right to log on
locally

When I do this and try to log in as the user, I get the error message The
local policy of this system does not allow you to log in interactively...what
gives?
 
R

Rickard

You also need to grant the users "Allow logon locally" on the local security
policy on the DC.

Rickard
 
G

Guest

The only way I could get it to work is put the ordinary user in the Remote
Users Group. Assign the Remote Users Group the right to log on through
Terminal Services....but I would lose the administrators ability to log onto
the Domain Controller through Remote Desktop. I have to add the
administrator account to Remote Desktop users group

If I add the Remote Desktop users group to Allow logon locally or I just add
the specific user, it does not work.
 
G

Guest

Anyone??



Daveyd said:
The only way I could get it to work is put the ordinary user in the Remote
Users Group. Assign the Remote Users Group the right to log on through
Terminal Services....but I would lose the administrators ability to log onto
the Domain Controller through Remote Desktop. I have to add the
administrator account to Remote Desktop users group

If I add the Remote Desktop users group to Allow logon locally or I just add
the specific user, it does not work.
 
G

Guest

On W2k I did this:
On the Terminal Server, start Administrative TOOLS, Terminal Services
Configuration, open folder Connections, right-click on RDP connection, open
Properties, on Tab Permissions add the user with user rights.

I hope this works the same for your W2k3...

Mieke
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top