Domain Controller GPO

[Guest]

We had a domain controller fail the other day, which caused us to shift some
server rolls around. One of the changes we made was to turn our Terminal
server into domain controller until we buy some new equipment.

Since DCs don't allow normal users to sign on locally, users couldn't
terminal in anymore. I opened the Domain Controllers GPO, and added user
accounts to logon locally policy. Then I ran SECEDIT /refreshpolicy
machine_policy. However, unless I add the user to the Admin group , or
Backup Operators, etc. in AD, they are unable to log on to the terminal
server, and get that "The local policy of this system does not permit you to
logon interactively" message.

Any ideas?

Thanks in advance.

 

[Derek Melber [MVP]]

IF it is a 2003 DC, there is now a "Allow Logon throughTerminal Services"
user right. Give that one a try.

 

[Guest]

unfortunately its a 2000 DC.

IF it is a 2003 DC, there is now a "Allow Logon throughTerminal Services"
user right. Give that one a try.

 

[Mark Heitbrink [MVP]]

unfortunately its a 2000 DC.

If the "logon locally right" is not the problem, check the security
settings of the RDP protocol in TS management.

HTH
Mark

 

[Guest]

That was actually the first place I checked, all users who logon to TS have
the appropriate permissions. Thanks for you help though.

rusty.