Active Directory and Terminal Server



I have a domain controller (Server 1) and a terminal server (Server 2). I set up a user in AD and made them a member of the Remote Desktop Users. I granted the Remote Desktop Users the right to log on through Terminal Services. I can log on through Remote Desktop as the Administrator but not the user which I set up. What am I missing here?

I will be installing terminal services licenses once I get this working. Is it better to have the terminal server also be the licenses server or should I make the other server the license server?

Thanks in advance.


I have tried everything and I cannot log on through terminal services as the user I set up. I can log on locally to the terminal server. I made the domain controller also the license server but the terminal server cannot locate the license server automatically. I have to manually enter the computer name. Any help will be greatly appreciated.

Thanks

If you're having problems locating your lic server

http://support.microsoft.com/kb/279561/

How to override the license server discovery process in Windows Server 2003 Terminal Services

http://technet2.microsoft.com/WindowsServe...3.mspx?mfr=true

Set preferred Terminal Server license servers

Not sure exactly what you mean by "I have to manually enter the computer name."

Thanks for the reply Budman, but I resolved the license server. I just cannot figure out why I cannot log on to the terminal server through a terminal session with a user other than the Administrator. On the domain controller (in Domain Security Settings) I configured to allow Remote Desktop Users to connect through terminal services. I made the user a member of the Remote Desktop Group. On the terminal server in local security policy I configured Administrators and Remote Desktop Users to log on through terminal services. Here if I remove the Administrators group then I cannot log on through terminal services at all.

I apologize but I am very new to Active Directory. I am just trying to learn by doing. I was under the impression that the above is all I had to do to log on through terminal services. I am not sure why it only lets the administrator log on and not the user who is the member of the Remote Desktop Group. It keeps on giving me the message that only members of the Remote Desktop Group can log on through terminal services. The user I created is a member of the Remote Desktop Group. I just don't understand.

If I am reading what you have done correctly - you have not put the user in the LOCAL Remote Desktop Users group on the terminal server itself, but in the domain group called the same thing.

This user needs to be placed in the "terminal server (Server 2)" local RD Users group.

http://technet2.microsoft.com/WindowsServe...3.mspx?mfr=true

Enabling users to connect remotely to the server.

So you put the Domain Remote Desktop Users into the Local RD Users group?

Put the domain "USER" account you want to access the terminal server into the terminal server's local Remote Desktop Users group.

From the previous link I gave

--

It is highly recommended that you use the Remote Desktop Users group to grant individuals access to terminal servers, rather than assigning the required permissions manually

Caution: If you alter the default permissions on the Remote Desktop Users group or remove this group, members of this group might lose the ability to log on remotely to terminal servers.

--

This error "only members of the Remote Desktop Group can log on through terminal services." would sure point to you not having the account in this group.

http://technet2.microsoft.com/WindowsServe...3.mspx?mfr=true

Add users to the Remote Desktop Users group
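
The fix described above, adding the domain account to the terminal server's own local Remote Desktop Users group, as a batch script. This is an added example, not part of the original thread; `EXAMPLE\tsuser1` is a placeholder account name, and the script is assumed to run on the terminal server from an administrator command prompt.

```batch
@echo off
rem Added example: run on the terminal server itself (Server 2) as an administrator.
rem EXAMPLE\tsuser1 is a placeholder for the domain account that needs access.
setlocal
set "ACCOUNT=EXAMPLE\tsuser1"
set "GROUP=Remote Desktop Users"

rem "net localgroup" lists the machine-local group, not the domain group of the
rem same name. Domain members are shown as DOMAIN\name. This is a substring
rem match; the listing printed at the end is the authoritative check.
net localgroup "%GROUP%" | find /i "%ACCOUNT%" >nul
if not errorlevel 1 (
    echo %ACCOUNT% is already in the local "%GROUP%" group.
    goto :show
)

rem Add the domain account to the local group on this server.
net localgroup "%GROUP%" "%ACCOUNT%" /add
if errorlevel 1 (
    echo Failed to add %ACCOUNT%. Check the account name and that you are an administrator.
    exit /b 1
)

:show
rem Print the resulting membership so the change can be verified.
net localgroup "%GROUP%"
endlocal
```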

Budman thank you very much for taking the time to help a novice. You are a genius. Everything is working great now. I have two more issues I have to learn or resolve and I will be ready to use this server.

First, I have configured DHCP on the server. Once I did that I knew that I was going to lose internet connectivity. I have learned that what I need to do is to enable DNS forwarding for internet connections. In the forwarders area of the DNS server I typed in my ISP address of the DNS servers. The internet does not work. This is the area I am totally lost on. Can you help me with this also?

My second issue is that I want my terminal server users to have access to a shared printer on Server 1 (I know that this is also the domain controller and should not be a print server). What I did to allow TS users to connect is what you said above except I created a group called TS App Users and made them a member of the Local RD Users group. That way I can just add users to that domain group and give them access to the TS server. I want those same users to have access to the printer but when I log on and try to connect to the printer in AD it says that I don't have rights on that computer to connect. It would be nice if I can somehow set up the TS User group to have access to the printer as well as the shared folder without the user having to do anything, but I think that I am getting ahead of myself. That way when a TS App User logs on, they have a mapped drive to the share and a printer all set up. I say that I am getting ahead of myself because this probably involves scripting.

I thank you in advance for taking your valuable time to help me.

I just got my first issue resolved. When I set up DHCP I picked a scope of 192.168.0.100 - 192.168.0.200. The gateway is 192.168.0.1. When I disabled DHCP on the router, I did not change the device IP to 192.168.0.1. I could not ping an IP address outside the network. Now that I can connect to the internet from the servers and the clients, I will work on the printer and share issue I mentioned above. I feel like I am learning a lot setting this up. The best way to learn for me is to do.

  bankajac said:

My second issue is that I want my terminal server users to have access to a shared printer on Server 1 (I know that this is also the domain controller and should not be a print server). What I did to allow TS users to connect is what you said above except I created a group called TS App Users and made them a member of the Local RD Users group. That way I can just add users to that domain group and give them access to the TS server. I want those same users to have access to the printer but when I log on and try to connect to the printer in AD it says that I don't have rights on that computer to connect. It would be nice if I can somehow set up the TS User group to have access to the printer as well as the shared folder without the user having to do anything, but I think that I am getting ahead of myself. That way when a TS App User logs on, they have a mapped drive to the share and a printer all set up. I say that I am getting ahead of myself because this probably involves scripting.

Printers

You could try and use a logon script for TS Users that would automatically connect to a printer.

To connect to printers use con2prt.exe. It should be located in your Windows/System32 directory on Server 2003.

Shared Drive

In said logon script, put a line saying

net use S: \\server\shared

to connect the S drive to \\server\shared
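
The two suggestions above combined into one logon script, as an added example that is not part of the original thread. `\\SERVER1\shared` and `\\SERVER1\printer1` are placeholder names, and the script assumes the terminal server users' group has already been granted permissions on the share and the printer, since a logon script runs with the user's own rights.

```batch
@echo off
rem Added example logon script for terminal server users.
rem \\SERVER1\shared and \\SERVER1\printer1 are placeholder names.
setlocal
set "SHARE=\\SERVER1\shared"
set "PRINTER=\\SERVER1\printer1"
set "CON2PRT=%SystemRoot%\System32\con2prt.exe"

rem Drop any stale S: mapping left from an earlier session, then map the
rem share without persisting it in the user's profile.
net use S: /delete /y >nul 2>&1
net use S: "%SHARE%" /persistent:no
if errorlevel 1 echo Could not map S: to %SHARE%. Check share and NTFS permissions for this user.

rem con2prt /cd connects the printer and makes it the default.
rem The path is the location given in the thread; skip cleanly if it is absent.
if exist "%CON2PRT%" (
    "%CON2PRT%" /cd %PRINTER%
) else (
    echo con2prt.exe not found at %CON2PRT%. Printer %PRINTER% was not connected.
)
endlocal
```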
