RE: [ActiveDir] Domain Controller Access

[Mark Parris]

What is the GPO “Access this computer from the network” set to in the DC’s GPO?   Mark   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED] Sent: 27 October 2005 23:04 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Domain Controller Access   Is it a member of the domain\remote desktop users group?   :m:dsm:cci:mvp  marcusoh.blogspot.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kevin Papula Sent: Thursday, October 27, 2005 5:55 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Domain Controller Access   themolk: thanks for responding.   The user has an account in the domain, which may be used to login to any computer on the domain, except DCs.   From: [EMAIL PROTECTED] on behalf of Molkentin, Steve Sent: Thu 10/27/2005 5:38 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Domain Controller Access Kevin,   Does the user exist in this domain? If not, is there a trust in place between the domain the user exists in and the domain that the DC lives in?   Just some questions, that may be way off mark...  ;)   themolk.   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kevin Papula Sent: Friday, 28 October 2005 2:12 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Domain Controller Access Hello everyone: I am running a test domain environment, and I cannot get a normal user the permission to remotely log on to a DC. I am just playing around with permissions, and no matter what, i always get the same error: "you do not have access to logon to this session." I have entered this user into the DCs domain controller security policy, user rights, allow logon through terminal services, and local login. I have entered this user in RDP-TCP permissions, as full control. I have added this user to the GPO under domain controllers in dsa.msc This persons name was already in the list under the DCs system properties, remote, users. prob from the RDP-TCP permission addition. This user is also in the RDP group. I know this user shouldn’t need access to remote into a DC because of the non-admin user state, but this is a test environment, and I am perplexed as to why I am not able to do this. Has anyone else ever come across this? Thanks for any help.   -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.361 / Virus Database: 267.12.5/150 - Release Date: 10/27/2005