The local policy of this system does not allow you to log on
Steven L Umbach
Guest
Posted: Tue Feb 15, 2005 6:48 am    Post subject: Re: The local policy of this system does not allow you to lo

On the Terminal Server, what is the effective setting for allow logon
through terminal services and deny logon through terminal services, what
users and groups are included?? The deny user right will always override the
allow user right for a user or a group. ---Steve


"Josh" <mrblonde@ameritech.net> wrote in message
news:1108429730.567870.105400@z14g2000cwz.googlegroups.com...
Quote:

Don Wilwol wrote:
Try to open a desktop session, right from the desktop of the server.

If I do that from the Terminal Server, type the username and password
and select the domain, I get the error

If I do that from the DC, type the username and password and select the
domain, I get the error

I cannot select (this computer) from the log on to: area because that
user name does not exist on the Terminal Server Computer and I will get
an error. The Terminal Server and DC are two separate PCs.

Josh
Guest
Posted: Tue Feb 15, 2005 11:43 pm    Post subject: Re: The local policy of this system does not allow you to lo

Steven L Umbach wrote:
Quote:
On the Terminal Server, what is the effective setting for allow logon
through terminal services and deny logon through terminal services, what
users and groups are included??

Administrators and Remote Desktop Users. I cannot add the user to this
area or to the group Remote Desktop Users on this Server because he
exists on the DC and does not exist on this server. In other words,
when I log on to the TS, I am logging on to the Domain.

Quote:
The deny user right will always override the
allow user right for a user or a group. ---Steve

The deny settings are not defined


Steven L Umbach
Guest
Posted: Wed Feb 16, 2005 12:28 am    Post subject: Re: The local policy of this system does not allow you to lo

You still can add any domain user to the Remote Desktop Users group on the
Terminal Server [assuming the TS is a domain computer]. Logon to the TS as
an administrator and use local users and groups and then add the users that
you want to access this server to the local Remote Desktop Users group [make
sure to select domain in "look in"]. If the user exists on the DC he is a
domain user. If the TS is not a domain member, only users in the TS local
users and groups will be able to access the TS after you add them to the
Remote Desktop Users group. If this is a domain computer and you cannot add
domain users, then you may be having a connectivity problem, secure channel
problem, or name resolution problem to a domain controller and running the
support tool netdiag on the TS server would be a good idea to do to check on
those issues looking for pertinent failed tests. --- Steve


"Josh" <mrblonde@ameritech.net> wrote in message
news:1108489398.380443.190660@c13g2000cwb.googlegroups.com...
Quote:

Steven L Umbach wrote:
On the Terminal Server, what is the effective setting for allow logon
through terminal services and deny logon through terminal services, what
users and groups are included??

Administrators and Remote Desktop Users. I cannot add the user to this
area or to the group Remote Desktop Users on this Server because he
exists on the DC and does not exist on this server. In other words,
when I log on to the TS, I am logging on to the Domain.

The deny user right will always override the
allow user right for a user or a group. ---Steve

The deny settings are not defined



Josh
Guest
Posted: Wed Feb 16, 2005 12:28 am    Post subject: Re: The local policy of this system does not allow you to lo

Since I wasn't able to add the specific user that exists on the DC to
the Terminal Server in the allow logon through Terminal Services and
allow logon locally setting, I added the group Everyone to both of
these settings and to the Terminal Services Configuration and this
allowed me to logon to the Domain from the Terminal Server with no
error.

I don't feel comfortable giving Everyone control to these areas. If
anyone knows how to add/link the users from the DC that would be great.

Thanks to everyone for your help

Steven L Umbach
Guest
Posted: Wed Feb 16, 2005 1:30 am    Post subject: Re: The local policy of this system does not allow you to lo

Users do not exist on a domain controller per se - they exist in the domain
as shown in Active Directory Users and Computers. Assuming the TS is a
domain computer you certainly can add global groups from the domain to those
user rights. You can create your own domain global group, add users to that
group that you want to logon to the TS, and then add that domain global
group to the user right for logon through terminal services on the Terminal
Server OR add that global group to the Remote Desktop Users "local" group on
the Terminal Server. --- Steve


"Josh" <mrblonde@ameritech.net> wrote in message
news:1108492127.654666.210600@z14g2000cwz.googlegroups.com...
Quote:
Since I wasn't able to add the specific user that exists on the DC to
the Terminal Server in the allow logon through Terminal Services and
allow logon locally setting, I added the group Everyone to both of
these settings and to the Terminal Services Configuration and this
allowed me to logon to the Domain from the Terminal Server with no
error.

I don't feel comfortable giving Everyone control to these areas. If
anyone knows how to add/link the users from the DC that would be great.

Thanks to everyone for your help

Josh
Guest
Posted: Wed Feb 16, 2005 1:51 am    Post subject: Re: The local policy of this system does not allow you to lo

Based on what you've said, my TS must not be a domain computer. For
example, if I were to go to a folder and right-click on it, select
Sharing and Security, Click Security, Click Add, In the locations area
it will only let me choose Users, Groups, Built-in's, etc from the
server that I am at. If I click the Locations button to browse the
domain I have no other options. I do not want to install Active
Directory on this machine, but it is on the domain and can see the DC.

Steven L Umbach
Guest
Posted: Wed Feb 16, 2005 2:44 am    Post subject: Re: The local policy of this system does not allow you to lo

You only have to install Active Directory on domain controllers. Go
to System Properties and look under computer name - change or network
identification - properties, as it will tell you if your computer is a domain
member or a member of a workgroup. --- Steve


"Josh" <mrblonde@ameritech.net> wrote in message
news:1108497114.647249.161750@z14g2000cwz.googlegroups.com...
Quote:
Based on what you've said, my TS must not be a domain computer. For
example, if I were to go to a folder and right-click on it, select
Sharing and Security, Click Security, Click Add, In the locations area
it will only let me choose Users, Groups, Built-in's, etc from the
server that I am at. If I click the Locations button to browse the
domain I have no other options. I do not want to install Active
Directory on this machine, but it is on the domain and can see the DC.

Josh
Guest
Posted: Wed Feb 16, 2005 3:11 am    Post subject: Re: The local policy of this system does not allow you to lo

It's a member of the domain, but I still can't access the Users,
Groups, Built-in's, etc that exist on the domain. Only on the local
server.

Steven L Umbach
Guest
Posted: Wed Feb 16, 2005 5:28 am    Post subject: Re: The local policy of this system does not allow you to lo

Check to make sure that it is pointing to only the domain controller as its
preferred dns server as shown by ipconfig /all and that it can ping the
domain controller by IP address and fully qualified domain name. Running the
support tool netdiag on it would be wise also to check for
network/dns/domain problems. You could also try to join the domain group
to the TS server via the command line to see what happens as in [ net
localgroup "remote desktop users" /add "mydomain\global group" ]. You would
of course have to logon to the TS as an administrator and substitute your
domain name for "mydomain" and the name of the global group you want to
d. --- Steve


"Josh" <mrblonde@ameritech.net> wrote in message
news:1108501861.158944.205590@f14g2000cwb.googlegroups.com...
Quote:
It's a member of the domain, but I still can't access the Users,
Groups, Built-in's, etc that exist on the domain. Only on the local
server.
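
The DNS check and the group change described in Steve's last two replies, collected as an added PowerShell example (not part of the original thread). It assumes a current Windows Server that has the Resolve-DnsName, Test-ComputerSecureChannel and Get-LocalGroupMember cmdlets; `mydomain.example` and `TS-Users` are placeholder names. The last step audits the local Remote Desktop Users group for overly broad members such as Everyone.

```powershell
# Added example. Placeholder values: substitute your own domain and group.
param(
    [string]$DomainFqdn  = 'mydomain.example',   # placeholder DNS name of the AD domain
    [string]$DomainGroup = 'mydomain\TS-Users'   # placeholder domain global group
)

# 1. DNS: a domain member locates domain controllers through this SRV record.
#    If it does not resolve, domain users and groups cannot be looked up
#    (the symptom in the thread). Check the preferred DNS server first.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainFqdn" -Type SRV -ErrorAction SilentlyContinue
if (-not $srv) {
    Write-Warning "No DC SRV records for $DomainFqdn. Check the DNS servers shown by 'ipconfig /all'."
    return
}
$srv | Where-Object Type -eq 'SRV' | Select-Object NameTarget, Port | Format-Table

# 2. Secure channel between this member server and the domain.
if (-not (Test-ComputerSecureChannel)) {
    Write-Warning 'Secure channel to the domain is broken; fix that before changing group membership.'
    return
}

# 3. Add the domain global group to the local Remote Desktop Users group
#    (the command from the post above). Run from an elevated prompt.
net localgroup "Remote Desktop Users" /add $DomainGroup

# 4. Audit: flag members that open Terminal Services logon to nearly everyone.
$broad = @{
    'S-1-1-0'  = 'Everyone'
    'S-1-5-11' = 'Authenticated Users'
}
Get-LocalGroupMember -Group 'Remote Desktop Users' | ForEach-Object {
    $sid = $_.SID.Value
    # A SID ending in RID 513 is the Domain Users group of some domain.
    $tooBroad = $broad.ContainsKey($sid) -or ($sid -match '-513$')
    [pscustomobject]@{ Member = $_.Name; SID = $sid; TooBroad = $tooBroad }
} | Format-Table -AutoSize
```

Any row with TooBroad set to True should be replaced by a purpose-built domain global group, as suggested earlier in the thread.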

Josh
Guest
Posted: Wed Feb 16, 2005 6:45 am    Post subject: Re: The local policy of this system does not allow you to lo

That DNS issue was the problem. I believe that is going to solve all
of my issues. Thank you.!!!!!!!