Hi Mark, If you want to enable your users to remotely login to their workstations (Windows XP) you can either make them a member of the local "administrators" or the local "remote desktop users" of their workstations. I would prefer the latter
Regards, Jorge -----Original Message----- From: Mark Orlando [mailto:[EMAIL PROTECTED] Sent: maandag 29 november 2004 19:08 To: Jorge de Almeida Pinto Subject: Re: [ActiveDir] Can't log on interactively Hi Jorge, I don't think I explained myself well enough. I, the administrator, am trying to connect to a workstation via RDP. I can connect and login as the administrator of the local machine but I can't log in as the domain user of that workstation. It gives me the error that I can't log on interactively. I want to be able to connect to any workstation on the domain and login as the domain user who's PC it is. We are running W2K and not W2K3 on our servers. I appreciate your help. Mark On Nov 29, 2004, at 12:55 PM, Jorge de Almeida Pinto wrote: > Hi Mark, > > What exactly do you want to achieve? (requirements) > > The following possibilities are available: > * On a W2K3 server (non-dc) the "Administrators" and the "Remote > Desktop Users" by default have permissions to use RDP > * On a W2K3 DC only the "Administrators" by default has permissions to > use RDP > * Create a custom group and assign that group the permission to log to > through RDP > > It is not desirable though to let a "simple user" logon to a DC. Only > configure direct access (physical or logon) for persons or admins you > trust 1000%! If I were you I wouldn't let a simple user logon to a DC. > > What's so important on that DC for that user? > > Regards, > Jorge > > -----Original Message----- > From: [EMAIL PROTECTED] > To: Active Directory Mailing List > Sent: 11/29/2004 5:43 PM > Subject: [ActiveDir] Can't log on interactively > > I can't seem to log on as the user when I connect using Remote > Desktop, and I remember changing a policy once to allow this on one of > my domain controller. However, I remember it causing the user > problem after that logging onto their respective domain. What is the > best way to accomplish this task without screwing anything up? > > > Mark Orlando > Systems Administrator > I.T. Department > Linden Public Schools > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > This e-mail and any attachment is for authorised use by the intended > recipient(s) only. It may contain proprietary material, confidential > information and/or be subject to legal privilege. It should not be > copied, disclosed to, retained or used by, any other party. If you are > not an intended recipient then please promptly delete this e-mail and > any attachment and all copies and inform the sender. Thank you. > > Mark Orlando Systems Administrator I.T. Department Linden Public Schools This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
