Results 1 to 4 of 4

Thread: I can't grant terminal access to users in GPO

  1. #1
    Join Date
    Feb 2006
    Posts
    185

    I can't grant terminal access to users in GPO

    I am using 4 servers in OU "TermServ", and I would like to grant terminal access to these servers to some users by GPO. I am trying to create a new GPO "terminal_access" in OU "TermServ" and give a next access right. After that I execute gpupdate /force. But if I am trying to connect by RDS to one of these servers it give me an error that I must have Terminal Server User Access permissions. In gpresult -v on these servers I see that my GPO was applied successfully:


    GPO: terminal_access
    Policy: RemoteInteractiveLogonRight
    Computer Setting: Administrators
    Domain\Domain Admins
    Domain\TestTermUser

    But when I add user for Test locally to group Remote Desktop Users, its fine, but I want to add this user through GPO. So, can anyone tell me how to do that? Thanks.

  2. #2
    Join Date
    Oct 2005
    Posts
    449

    Re: I can't grant terminal access to users in GPO

    The user right RemoteInteractiveLogonRight is the only one part of being able to log into a TS server that has remote login enabled. The other part is the permissions in the TS config, which you can connect to in the properties of the RDP in the TS confid mmc. It was the later versions of the OS which is pre-populated with the group Remote Desktop Users, hence adding you domain user to that group allowed login. You can define a domain group to hold the domain accounts that should be allowed TS login and then add this domain group to the Remote Desktop Users by a restricted group definition in GPO.

  3. #3
    Join Date
    Jan 2006
    Posts
    192

    Re: I can't grant terminal access to users in GPO

    I dont know but it should have been working. Did you try to perform a gpresult or rsop.msc to examine how the GPOs applies to the system? Otherwise I would have recommend examine how the GPOs applies to the system? Otherwise I would recommend to use Restricted Groups within a Group Policy to add another Group within AD to the local Remote Users group, have you though about that option?

  4. #4
    Join Date
    Jan 2006
    Posts
    6,878
    As per my knowledge, the users or groups need to be added to the Remote Desktop Users on the local server. What I have done is grant access for a group on the local TS server in the Remote Desktop users group and then whatever users you need to add, just add them to the group and then everything would be working fine.

Similar Threads

  1. Terminal Server users are reportedly getting new profile
    By Harin$Akshi in forum Networking & Security
    Replies: 4
    Last Post: 19-05-2011, 12:19 PM
  2. How do I grant access to web servers secure database?
    By Liliana in forum Technology & Internet
    Replies: 5
    Last Post: 13-02-2010, 04:14 AM
  3. How to Register Dll for all users in terminal server
    By Ron1 in forum Networking & Security
    Replies: 3
    Last Post: 22-07-2009, 09:30 AM
  4. Terminal services 2008 - MAC users
    By Marcus in forum Windows Server Help
    Replies: 2
    Last Post: 24-11-2008, 05:31 PM
  5. Replies: 2
    Last Post: 15-02-2008, 09:31 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •