Thanks Jorge! I will give that a try.
On Nov 30, 2004, at 4:15 AM, Jorge de Almeida Pinto wrote:
Hi Mark,
If you want to enable your users to remotely login to their workstations
(Windows XP) you can either make them a member of the local "administrators"
or the local "remote desktop users" of their workstations. I would prefer
the latter
Regards, Jorge
-----Original Message----- From: Mark Orlando [mailto:[EMAIL PROTECTED] Sent: maandag 29 november 2004 19:08 To: Jorge de Almeida Pinto Subject: Re: [ActiveDir] Can't log on interactively
Hi Jorge,
I don't think I explained myself well enough. I, the administrator, am
trying to connect to a workstation via RDP. I can connect and login as the
administrator of the local machine but I can't log in as the domain user of
that workstation. It gives me the error that I can't log on interactively.
I want to be able to connect to any workstation on the domain and login as
the domain user who's PC it is. We are running W2K and not W2K3 on our
servers. I appreciate your help.
Mark
On Nov 29, 2004, at 12:55 PM, Jorge de Almeida Pinto wrote:
Hi Mark,
What exactly do you want to achieve? (requirements)
The following possibilities are available: * On a W2K3 server (non-dc) the "Administrators" and the "Remote Desktop Users" by default have permissions to use RDP * On a W2K3 DC only the "Administrators" by default has permissions to use RDP * Create a custom group and assign that group the permission to log to through RDP
It is not desirable though to let a "simple user" logon to a DC. Only configure direct access (physical or logon) for persons or admins you trust 1000%! If I were you I wouldn't let a simple user logon to a DC.
What's so important on that DC for that user?
Regards, Jorge
-----Original Message----- From: [EMAIL PROTECTED] To: Active Directory Mailing List Sent: 11/29/2004 5:43 PM Subject: [ActiveDir] Can't log on interactively
I can't seem to log on as the user when I connect using Remote Desktop, and I remember changing a policy once to allow this on one of my domain controller. However, I remember it causing the user problem after that logging onto their respective domain. What is the best way to accomplish this task without screwing anything up?
Mark Orlando Systems Administrator I.T. Department Linden Public Schools
List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
Mark Orlando Systems Administrator I.T. Department Linden Public Schools
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Mark Orlando Systems Administrator I.T. Department Linden Public Schools
List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
