Users unable to logon to windows 2003 domain controller

  • Thread starter Thread starter kulkarni88
  • Start date Start date
K

kulkarni88

Guest
Hi All,

We have couple of windows 2003 domain controllers on which we have to give
users permission to log on to Domain Controllers.

I have already configured Allow log on locally & Allow log on through
Terminal Services in the domain controller group policy.

When these unable to login to domain controllers. When they try to login to
the DC's they get the error message that they do not have the required
permission to log on to domain controllers.

Wanted to know if any other permisson needs to be given for these users to
log in to the DC's.

Thanks in Advance,
 
Re: Users unable to logon to windows 2003 domain controller

* add the users to the domain-wide Remote Desktop Users
group in AD
* enable the following setting in the Default Domain
Controller Policy:
Computer Configuration - Windows Settings - Security Settings
- Local Policies - User rights Assignment
"Allow log on through Terminal Services"
and add the Remote Desktop Users group to the list of allowed
users.
The users do *not* need the user right to "Logon Locally" to
the Domain Controller, so I would disable that setting again.
* add the Remote Desktop Users group to the permission list
of the rdp-tcp connection
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

=?Utf-8?B?a3Vsa2Fybmk4OA==?=
<kulkarni88@discussions.microsoft.com> wrote on 10 okt 2007 in
microsoft.public.windows.terminal_services:

> Hi All,
>
> We have couple of windows 2003 domain controllers on which we
> have to give users permission to log on to Domain Controllers.
>
> I have already configured Allow log on locally & Allow log on
> through Terminal Services in the domain controller group
> policy.
>
> When these unable to login to domain controllers. When they try
> to login to the DC's they get the error message that they do not
> have the required permission to log on to domain controllers.
>
> Wanted to know if any other permisson needs to be given for
> these users to log in to the DC's.
>
> Thanks in Advance,
 
Re: Users unable to logon to windows 2003 domain controller

Hi Vera,

Thanks a lot for the reply.

As per your recommandation, I have added the users to the remote desktop
users group.

Now they are able to log on to the DC's.

My issue is now resolved.

Have a nice day.

Regards,

kulkarni88

"Vera Noest [MVP]" wrote:

> * add the users to the domain-wide Remote Desktop Users
> group in AD
> * enable the following setting in the Default Domain
> Controller Policy:
> Computer Configuration - Windows Settings - Security Settings
> - Local Policies - User rights Assignment
> "Allow log on through Terminal Services"
> and add the Remote Desktop Users group to the list of allowed
> users.
> The users do *not* need the user right to "Logon Locally" to
> the Domain Controller, so I would disable that setting again.
> * add the Remote Desktop Users group to the permission list
> of the rdp-tcp connection
> _________________________________________________________
> Vera Noest
> MCSE, CCEA, Microsoft MVP - Terminal Server
> TS troubleshooting: http://ts.veranoest.net
> ___ please respond in newsgroup, NOT by private email ___
>
> =?Utf-8?B?a3Vsa2Fybmk4OA==?=
> <kulkarni88@discussions.microsoft.com> wrote on 10 okt 2007 in
> microsoft.public.windows.terminal_services:
>
> > Hi All,
> >
> > We have couple of windows 2003 domain controllers on which we
> > have to give users permission to log on to Domain Controllers.
> >
> > I have already configured Allow log on locally & Allow log on
> > through Terminal Services in the domain controller group
> > policy.
> >
> > When these unable to login to domain controllers. When they try
> > to login to the DC's they get the error message that they do not
> > have the required permission to log on to domain controllers.
> >
> > Wanted to know if any other permisson needs to be given for
> > these users to log in to the DC's.
> >
> > Thanks in Advance,
>
 
Re: Users unable to logon to windows 2003 domain controller

Great! I'm glad that your problem is solved, and thanks for the
feedback!
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

=?Utf-8?B?a3Vsa2Fybmk4OA==?=
<kulkarni88@discussions.microsoft.com> wrote on 11 okt 2007 in
microsoft.public.windows.terminal_services:

> Hi Vera,
>
> Thanks a lot for the reply.
>
> As per your recommandation, I have added the users to the remote
> desktop users group.
>
> Now they are able to log on to the DC's.
>
> My issue is now resolved.
>
> Have a nice day.
>
> Regards,
>
> kulkarni88
>
> "Vera Noest [MVP]" wrote:
>
>> * add the users to the domain-wide Remote Desktop Users
>> group in AD
>> * enable the following setting in the Default Domain
>> Controller Policy:
>> Computer Configuration - Windows Settings - Security Settings
>> - Local Policies - User rights Assignment
>> "Allow log on through Terminal Services"
>> and add the Remote Desktop Users group to the list of allowed
>> users.
>> The users do *not* need the user right to "Logon Locally" to
>> the Domain Controller, so I would disable that setting again.
>> * add the Remote Desktop Users group to the permission list
>> of the rdp-tcp connection
>> _________________________________________________________
>> Vera Noest
>> MCSE, CCEA, Microsoft MVP - Terminal Server
>> TS troubleshooting: http://ts.veranoest.net
>> ___ please respond in newsgroup, NOT by private email ___
>>
>> =?Utf-8?B?a3Vsa2Fybmk4OA==?=
>> <kulkarni88@discussions.microsoft.com> wrote on 10 okt 2007 in
>> microsoft.public.windows.terminal_services:
>>
>> > Hi All,
>> >
>> > We have couple of windows 2003 domain controllers on which we
>> > have to give users permission to log on to Domain
>> > Controllers.
>> >
>> > I have already configured Allow log on locally & Allow log on
>> > through Terminal Services in the domain controller group
>> > policy.
>> >
>> > When these unable to login to domain controllers. When they
>> > try to login to the DC's they get the error message that they
>> > do not have the required permission to log on to domain
>> > controllers.
>> >
>> > Wanted to know if any other permisson needs to be given for
>> > these users to log in to the DC's.
>> >
>> > Thanks in Advance,
 
Back
Top