authorizing remote desktop

Hello,

So I'm trying to authorize remote desktop connection for our users in our domain. It seems what I did was unnecessary, since I was told someone made it work without touching the general policies.

I added the users that needed to do that to the group "remote desktop users" and I also added a GPO "Allow logon through Terminal Services" for the same users.

And now when I try to log on to a server with remote desktop connection it doesn't work anymore. But it works on workstation.

So I tried adding the rights to do remote desktop connections and I lost the rights to do it on servers. Is it the fact that I am on the remote desktop users group? would it be possible to be excluded from connecting to a server because of that?



I am not sure what your looking to accomplish in the big picture.

If you have a group of servers or workstation acting as RDP hosts for clients to work off of, then you will need to make sure that each user has proper permissions to do so.

You could easily create a domain group that that belongs to the local remote desktop users group on the systems in question. This should allow the user the privilege to login locally to the box itself (most important on the server side).

Otherwise, the account settings only grants or denies the user the right to use remote desktop or not. You still need to have permissions on the local machine to allow remote access. On the workstation side, if you add the domain user, or the group like I mentioned to the local remote desktop users group, you should be fine as well.

If you want to do this on a grand scale automated, you may either need to script out some changes using net user or push via GPO. depends on your end result.



I am not sure what your looking to accomplish in the big picture.

If you have a group of servers or workstation acting as RDP hosts for clients to work off of, then you will need to make sure that each user has proper permissions to do so.

You could easily create a domain group that that belongs to the local remote desktop users group on the systems in question. This should allow the user the privilege to login locally to the box itself (most important on the server side).

Otherwise, the account settings only grants or denies the user the right to use remote desktop or not. You still need to have permissions on the local machine to allow remote access. On the workstation side, if you add the domain user, or the group like I mentioned to the local remote desktop users group, you should be fine as well.

If you want to do this on a grand scale automated, you may either need to script out some changes using net user or push via GPO. depends on your end result.



think of the setting in the user account like a clapper in front of a desk lamp.

The account setting is on or off like the clapper, but that does not mean the desk lamp is on.

The local systems access permissions is the desk lamp.



If you are using the Small Business Server, there is a wizard in the setup to configure for remote access.

Yes, it is to permit remote logon to the workstations. In the User account properties, one can identify which workstation a user may connect to. This way, remote users can connect to their individual workstations when working remotely.

The Administrator is permitted to logon to the server. Two concurrent remote connections are permitted.



Are you trying to allow the users to connect to a terminal server, configured with user applications installed and terminal server licensing? In that case the configuration (adding the users to the remote desktop users group) has to be done on the terminal server, not the SBS server. You can do this in two ways:
1. Add the users to the domain Remote Desktop Users group or some other custom group you create, and then add the domain group to the Local Users and Groups/Groups/Remote Desktop Users group on the terminal server (recommended method); or

2. Add the individual domain user accounts to the terminal server Local Users and Groups/Groups/Remote Desktop Users group.



Hello,

First, what do I want to acomplish :
I was able to log in to my server (SBS 2003) using the domain administrator account. I cannot do that anymore. I want to be able to do it again. I think it should be able to do that by default, but it seems by defining the access this doesn't work anymore.


So I've been testing a bit this morning, and the server is not the problem, it is the administrator account (domain administrator). We usually always used the domain administrator to login to the server in remote desktop. I cannot login to the server with this account anymore, but my personal account works. Problem is I need administrator access on the server to make things work so I will still need to use the domain administrator account to work on it.

This account worked by default before. Maybe I have to add it explicitly somewhere (I added it to the list of users authorized to access the computer through remote access).

I you have any suggestions it would be welcome.

(I cannot find any wizard to configure remote access on SBS 2003)

Share this

Related Posts

There was an error in this gadget