0

While logged in to a windows 2003 terminal server with admin rights, and running the Terminal Services Manager, I want to right click the active sessions and 'Connect'. I'm prompted for the password of the user but this is always rejected.

After reading around, I'm guessing it's because the remote desktop user's group does not have the 'log on locally' right. But for the life of me I can't figure out where to adjust this. I'm very new to AD...I've looked 'everywhere' for a place to select Remote Desktop Users and add the ability to log on locally. I need pretty specific pointers, as I've not been able to locate this from any clues I've read so far.

Bret Fisher
  • 3,973
  • 2
  • 21
  • 25
meridian
  • 125
  • 1
  • 2
  • 11
  • I.. erm, well I'm kind of confused by your question, actually. Read the following article and see if that has an impact on what you want to ask: http://technet.microsoft.com/en-us/library/cc780699%28v=ws.10%29.aspx – HopelessN00b Aug 21 '12 at 20:58
  • But that doesn't work for me. As I said I am asked for the user's pswd, and even though I supply it, it always fails. – meridian Aug 21 '12 at 21:24

1 Answers1

0
  1. Ensure you are not on console session. I assume you are using Remote Desktop GUI to log into server and then running TS Manager from there.
  2. If users (and you) are able to remote desktop to server, then "log on locally" isn't the issue.
  3. Are you really wanting to "Connect"? 99% of time admins want to "Remote Control" which is to shadow the user and help them with something. With Remote Control, it asks the user permission and doesn't require their password (which you shouldn't know anyway).
  4. If you really want to take over the Remote Desktop session, Connect will prompt for the users password and once you put it in, it will kick them off, because you have taken over their session. This is rarely used, but if it's what you're looking for, then the article @HopelessNoob mentions says you must have Full Access or User Access, which are two security rights you'll find in the Terminal Services Configuration app. R-click the RDP-Tcp connection > Properties > Security.
  5. If you are still rejected after all this, then what does the Event Logs say? I bet their logging this failure.
Bret Fisher
  • 3,973
  • 2
  • 21
  • 25
  • I did have both a console session and a rpd session going for my login, and I've closed the console session. No change, still rejects 'connect' when I supply the user's password. I do want 'connect'. I'm not sure which event log would have an entry but I don't see one that would be about this. – meridian Aug 21 '12 at 22:57
  • permissions #4, event logs #5? – Bret Fisher Aug 21 '12 at 23:00
  • Hi Bret - I hadn't checked the perms, and I do have full rights. Event log, I did mention that I didn't see anything relevant, but wasn't sure which event hive to look at, maybe I missed it? – meridian Aug 21 '12 at 23:50
  • Can you setup a test server to validate this works on Windows 2003 as you would expect? I only have 2008 or newer servers to test. – Bret Fisher Aug 22 '12 at 20:33
  • I set up a test windows 2003 server. Strangely, on it both Connect and Remote Control are disabled. Maybe it's because I don't have TS enabled on the test server, I'm just using the two RD session connection feature that w2k3 comes with? – meridian Aug 23 '12 at 16:30
  • Sorry, don't have my own to test with. Maybe that's a separate SF question. – Bret Fisher Aug 24 '12 at 15:45