TS Set up on domain

[Guest]

I have an active directory network and want to set
up a second server, that will not be the domain controller,
but will allow multiple user access through terminal server.
I want the terminal server to allow access to any domain
user, but it rejects with the message 'The local policy of this system does
not permit you to logon interactively.'

The terminal server configuration does not appear on the 'active directory
users and computers' tab, so I'm not sure how to configure this through AD.
Any suggestions would be appreciated.
Thanks,
Rick

 

[Vera Noest [MVP]]

What OS are you running on the Terminal Server?
If you run W2K, you need to give your users the "Log On Locally" user
right on the Terminal Server.
If you run 2003, you have to make your users member of the local
group "Remote Desktop Users" on the TS.

 

[Guest]

I'm using 2003.
First time I've set up TS so maybe I misunderstand something. I am trying
to avoid having to add them as local users, because I want them to use their
Domain log in. Is there a way to add them to the local Remote desk top group
using their domain user configuration, or do I need to add them as a local
user on the TS. The problem as I understand it is that if they log on to the
TS as a local user then they won't be able to see the rest of the domain
network with their assigned priviliges. I want both the domain log in
priviliges and TS access. Surely this must be possible, but I'm not sure how
to achieve that. Maybe you can clarify this for me.
Thanks,
Rick

 

[Vera Noest [MVP]]

No need to create local user accounts on the TS, just add the
domain accounts to the local Remote Desktop Users group on the TS.

--
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
http://hem.fyristorg.com/vera/IT
--- please respond in newsgroup, NOT by private email ---

 

[Guest]

Sounds like we've come full circle. What I've learned so far is that the
reason I can't add domain users to this new TS server is not because of TS
limitations. All along I've wanted to add domain accounts to the local
Remote Desktop Users group. However, even though this server is part of the
domain and allows domain user local logons, when I try to add a domain user
to the Remote Desktop Users group, it does not recognize the domain user in
any format, it only searches the local computer for the user name. Sounds
like the problem isn't TS but a domain problem. Any thoughts on why it would
not see the domain users from this new TS server?
Thanks,
Rick

 

[Vera Noest [MVP]]

When you open the Remote Desktop Users group and click on the "Add
users" button, have you checked under the "Object types" button?
I've seen this happen when only "Users" and "Computer" objects are
selected, but not "Groups". Also check that the Location is set to
the domain.

--
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
http://hem.fyristorg.com/vera/IT
--- please respond in newsgroup, NOT by private email ---

 

[Guest]

When I go to the Remote Desktop Users group and click on the "Add users"
button, under "Object Types" it only offers "Built in Security Principals"
and "users". Under the "Location" button it only shows this computer, it
does not offer the domain as an option.
Thanks,
Rick

 

[Guest]

Hey Rick...is your server joined to the domain? Doesn't sound like it is.

Also, don't forget to lock down your terminal server before you put it into
production. Use Group Policy for that. If you have a 2000 Active Directory,
the Terminal Server should update it with the new TS2003 Group Policy
Objects. Can't remember if that's updated when you join the server to the
domain or if you need to bring up the Group Policy Snap-In in an MMC on the
server first. Good luck...

Steve

 

[Vera Noest [MVP]]

Are you sure that the TS is a member of the domain?
Are you using a Domain Administrator account (not the local
Administrator account on the TS)?

--
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
http://hem.fyristorg.com/vera/IT
--- please respond in newsgroup, NOT by private email ---