Win2003 GPO for Logon to Terminal Services

[Guest]

If I create a GPO and apply it to a server container that enables certain
users for logging on to terminal services shouldn't that enable them to RDP
into the servers or is that a different setting somewhere?

 

[Bruce Sanderson]

To logon to Terminal Services, a user also needs the logon locally right.

I suggest that rather than using a GPO to control who can connect via RDP,
add a domain group to the local Remote Desktop Users group on the Terminal
Server, then populating the domain group with the user accounts that you
want to be able to use the Terminal Server. The local Remote Desktop Users
group, by default, gets the rights needed to logon via Terminal Services.

RDP is a Terminal Services client delivered with Windows XP and 2003.

 

[Guest]

Yeah. That would be simple. How can I keep from having to go in and turn on
RDP on a 2003 box though. Seems nothing works until I do that.

 

[Bruce Sanderson]

Apply the setting:

Computer Configuration
Administrative Templates
Windows Components
Terminal Services
Allow Users to connect remotely using Terminal Services:
Enabled

This will turn on the check mark in System Properties, Remote, Remote
Desktop, Enable Remote Desktop users ... and make it grey so no one can turn
it off.

--
Bruce Sanderson MVP Printing
http://members.shaw.ca/bsanders

It is perfectly useless to know the right answer to the wrong question.