Windows NT Remote Desktop Users Group Not Allowing TS Connection

  • Thread starter Thread starter Colleen
  • Start date Start date
C

Colleen

I have installed 7 TS user licenses and have the Domain Controller set up as
the licensed terminal server. Members of the admin group can TS to the
machine, but the users added to the built-in RDU group cannot. I am getting
the message:To log on this remote computer, you must be granted the Allow Log
on
through Terminal Services rigtht. By default , members of the Remote Desktop
.... " - the same one Rene in her thread was getting.

Because the terminal server is a Domain Controller, I cannot give 'local'
access to the machine, nor is it available in Computer Management in order to
do the access manually. I manually added the RDU Group into the Domain
Policy for local logon, but still no luck.

Any ideas?
 
From Vera, the repository of TS info :)

The installation doesn't differ from installing TS on a member server, but
the default permissions do not allow normal user to connect to a TS running
on a DC.
And there are some very good reasons for that. Keep in mind that a terminal
Server is just a multi-user workstation. Do you really want your users to
logon to your DC and use it as their workstation? I must strongly suggest
that you don't do this.
Apart from the security risks, you could face performance problems as well.
A DC in an Active Directory domain has quite some roles already, which are
performed in the background. A TS is tuned differently to provide the
quickest response times for interactive users. This can easily lead to
performance problems for both the DC-role and the TS-role.

That said, if you want to continue with this setup, you will have to modify
the Default Domain Controller Security Policy to grant your users the right
to Logon through Terminal Services.

"Colleen" wrote:

> I have installed 7 TS user licenses and have the Domain Controller set up as
> the licensed terminal server. Members of the admin group can TS to the
> machine, but the users added to the built-in RDU group cannot. I am getting
> the message:To log on this remote computer, you must be granted the Allow Log
> on
> through Terminal Services rigtht. By default , members of the Remote Desktop
> ... " - the same one Rene in her thread was getting.
>
> Because the terminal server is a Domain Controller, I cannot give 'local'
> access to the machine, nor is it available in Computer Management in order to
> do the access manually. I manually added the RDU Group into the Domain
> Policy for local logon, but still no luck.
>
> Any ideas?
 
Back
Top