...AKA the day in the life of a sysadmin! Below is what you guys helped me fix because I was trying to make sure I had all the info you needed. I solved it before hitting SEND, but hopefully someone finds it useful. ------------------------- I have a 2008 TS machine, works fine for most users as I simply have a "TerminalServerUser" AD group and this group is part of the servers local Remote Desktop Users group. I have an account that cannot RDP even though they ARE a member of this group. "Access is denied".
I tried to anticipate your questions: Maybe it's the client software? * It's not the RDP client software, as from my machine I can RDP to this machine as myself, but not as this user What happens if user is local admin? * If I make the user a local admin, RDP works. Try adding user explicitly? * Adding this user explicity to the local RDP group also does not work. Maybe AD setting don't allow RDP? * Same user can RDP to XP workstations just fine What about other servers (this turned out to be the key to me finding it) * RDP-ing to 2003 server with this account I get "To log on to this remote session, you must have administrator permissions on this computer" ----------------------------- Googling "To log on to this remote session, you must have administrator permissions on this computer" took me here: http://www.tech-archive.net/Archive/Windows/microsoft.public.windows.terminal_services/2006-12/msg00144.html and gave me "Is that the *exact* error message that you get? Sounds as if clients are trying to connect to the console session of the server, which is not allowed for normal users" BINGO! My RDP shortcut had the /admin switch, I completely forgot! Remove the switch, be happy. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
