Mark- If you mean the GPO in dsa.msc for "domain controllers", i also have this username included in the list: allow access through terminal server. Is that what you meant? ________________________________
From: [EMAIL PROTECTED] on behalf of Mark Parris Sent: Fri 10/28/2005 10:48 AM To: ActiveDir.org Subject: Re: [ActiveDir] Domain Controller Access No I meant the DC GPO, on who can access this computer. If it's set to Administrators then only administrators can TS on. -----Original Message----- From: "Kevin Papula" <[EMAIL PROTECTED]> Date: Fri, 28 Oct 2005 10:01:47 To:<[email protected]> Subject: RE: [ActiveDir] Domain Controller Access To answer all questions in one email: Marcus- yes this user is a member of the RDP group Mark- in the DC security policy, allow logon through terminal server- has this username included. Is that what you meant? Katrin- in the user acct properties, terminal services tab- the box labeled deny this user permissions to log on to any terminal server is not checked. Still no access, but thanks for the replies. Kevin Papula IT Manager Kandersteg, Inc. (717) 730-9815 x10 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Katrin Wilhelm Sent: Thursday, October 27, 2005 6:58 PM To: [email protected] Subject: RE: [ActiveDir] Domain Controller Access Hi Kevin, reading what you done let's me wonder if you ticked the box in his user profile to allow logon on terminal server? Cheers Kat From: [EMAIL PROTECTED] on behalf of Mark Parris Sent: Fri 28/10/2005 8:36 AM To: [email protected] Subject: RE: [ActiveDir] Domain Controller Access What is the GPO Access this computer from the network set to in the DCs GPO? Mark From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 27 October 2005 23:04 To: [email protected] Subject: RE: [ActiveDir] Domain Controller Access Is it a member of the domain\remote desktop users group? :m:dsm:cci:mvp marcusoh.blogspot.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Papula Sent: Thursday, October 27, 2005 5:55 PM To: [email protected] Subject: RE: [ActiveDir] Domain Controller Access themolk: thanks for responding. The user has an account in the domain, which may be used to login to any computer on the domain, except DCs. From: [EMAIL PROTECTED] on behalf of Molkentin, Steve Sent: Thu 10/27/2005 5:38 PM To: [email protected] Subject: RE: [ActiveDir] Domain Controller Access Kevin, Does the user exist in this domain? If not, is there a trust in place between the domain the user exists in and the domain that the DC lives in? Just some questions, that may be way off mark... ;) themolk. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Papula Sent: Friday, 28 October 2005 2:12 AM To: [email protected] Subject: [ActiveDir] Domain Controller Access Hello everyone: I am running a test domain environment, and I cannot get a normal user the permission to remotely log on to a DC. I am just playing around with permissions, and no matter what, i always get the same error: you do not have access to logon to this session. I have entered this user into the DCs domain controller security policy, user rights, allow logon through terminal services, and local login. I have entered this user in RDP-TCP permissions, as full control. I have added this user to the GPO under domain controllers in dsa.msc This persons name was already in the list under the DCs system properties, remote, users. prob from the RDP-TCP permission addition. This user is also in the RDP group. I know this user shouldnt need access to remote into a DC because of the non-admin user state, but this is a test environment, and I am perplexed as to why I am not able to do this. Has anyone else ever come across this? Thanks for any help. -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.361 / Virus Database: 267.12.5/150 - Release Date: 10/27/2005 List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
<<winmail.dat>>
