Hi Kevin, reading what you done let's me wonder if you ticked the box in his user profile to allow logon on terminal server? Cheers Kat
________________________________ From: [EMAIL PROTECTED] on behalf of Mark Parris Sent: Fri 28/10/2005 8:36 AM To: [email protected] Subject: RE: [ActiveDir] Domain Controller Access What is the GPO "Access this computer from the network" set to in the DC's GPO? Mark ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 27 October 2005 23:04 To: [email protected] Subject: RE: [ActiveDir] Domain Controller Access Is it a member of the domain\remote desktop users group? :m:dsm:cci:mvp marcusoh.blogspot.com <http://marcusoh.blogspot.com> ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Papula Sent: Thursday, October 27, 2005 5:55 PM To: [email protected] Subject: RE: [ActiveDir] Domain Controller Access themolk: thanks for responding. The user has an account in the domain, which may be used to login to any computer on the domain, except DCs. ________________________________ From: [EMAIL PROTECTED] on behalf of Molkentin, Steve Sent: Thu 10/27/2005 5:38 PM To: [email protected] Subject: RE: [ActiveDir] Domain Controller Access Kevin, Does the user exist in this domain? If not, is there a trust in place between the domain the user exists in and the domain that the DC lives in? Just some questions, that may be way off mark... ;) themolk. ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Papula Sent: Friday, 28 October 2005 2:12 AM To: [email protected] Subject: [ActiveDir] Domain Controller Access Hello everyone: I am running a test domain environment, and I cannot get a normal user the permission to remotely log on to a DC. I am just playing around with permissions, and no matter what, i always get the same error: "you do not have access to logon to this session." I have entered this user into the DCs domain controller security policy <http://computing.net/windows2003/wwwboard/forum/4535.html##> , user rights, allow logon through terminal services <http://computing.net/windows2003/wwwboard/forum/4535.html##> , and local login. I have entered this user in RDP-TCP permissions, as full control. I have added this user to the GPO under domain controllers <http://computing.net/windows2003/wwwboard/forum/4535.html##> in dsa.msc This persons name was already in the list under the DCs system properties, remote <http://computing.net/windows2003/wwwboard/forum/4535.html##> , users. prob from the RDP-TCP permission addition. This user is also in the RDP group. I know this user shouldn't need access to remote into a DC because of the non-admin user state, but this is a test environment, and I am perplexed as to why I am not able to do this. Has anyone else ever come across this? Thanks for any help. -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.361 / Virus Database: 267.12.5/150 - Release Date: 10/27/2005 Confidentiality: The contents contain privileged and/or confidential information intended for the named recipient of this email. CVGT does not warrant that the contents of any electronically transmitted information will remain confidential. If the reader of this email is not the intended recipient you are hereby notified that any use, reproduction, disclosure or distribution of the information contained in the email is prohibited. If you receive this email in error, please reply to us immediately and delete the document. Viruses: It is the recipient/client's duties to virus scan and otherwise test the information provided before loading onto any computer system. No warranty is made that this material is free from computer virus or any other defect or error. Any loss/damage incurred by using this material is not the sender's responsibility. CVGTs entire liability will be limited to resupplying the material. Please contact us at www.cvgt.com.au for further information regarding this disclaimer
<<winmail.dat>>
