
allowing access via remote desktop to DCs

Status
Not open for further replies.
Jan 11, 2008
Hello all,

We have some DCs we would like to give a trusted dept access to via remote desktop. These DCs are located at branch sites and don't have the Default DC policy linked to the OU they live in; instead we have another policy linked to it with only a few settings.

I set the setting "allow logon through terminal services" and defined the group we wanted to have access but they still can't log in with RDP.

Is there another setting I have to make as well?

Thanks.


 
What error message do they get when they try to logon via RDP?

These DCs are located at branch sites and don't have the Default DC policy linked to the OU they live in; instead we have another policy linked to it with only a few settings.

Do you mean to say that these DCs are not in the default Domain Controllers OU? Or do you mean that the default domain controllers policy has been unlinked from the domain controllers OU?
FYI - Either way is not best practice...


Paul
MCSE 2003
MCSA 2003
MCITP Enterprise Administrator

If there are no stupid questions, then what kind of questions do stupid people ask? Do they get smart just in time to ask questions?
Scott Adams
 
edit the gpo, under computer/windows/security/local/userrights/allow local login
add the group in question, and put the user/group in the remotedesktopuser group
right click my computer, choose remote tab, enable allow remote desktop
 
Hi Pagy, the DCs are actually in another OU which does not have the Default DC policy linked to it. You are correct, this is not best practice, so linking the Default DC policy to this OU has got to be in the future plans.

As of now we have at least 12 DCs, so I don't want to have to go to each DC, right-click on My Computer and add the group to the remote desktop access as suggested by lemon13. I know this is one way of doing it, but if we get new DCs I don't want to have to manually configure them all the time. I want to use a policy.

I've discovered the following: I added the users group I want to manage printers on these DCs to the default Printer Operators group. I then added the users group to the default built-in Remote Desktop Users domain group. The 3rd step was to add the group also to the policy setting "Allow log on interactively..."

This allows the users to log onto the DCs and manage the printers without giving them the ability to delete or rename files/folders, while at the same time giving them the ability to manage printers.

Does this sound like the best method to go about this? Any other suggestions are very welcome!

Thanks.
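
The combination described in the last post (built-in group memberships plus logon rights) can be checked on each DC instead of by trial logon. The PowerShell below is an added example, not part of the thread: the group name is a hypothetical placeholder, and it assumes an elevated session on the DC with the ActiveDirectory module available. It also reports "Load and unload device drivers", a right the Default Domain Controllers Policy assigns to Print Operators, so the review shows everything the delegated group ends up holding.

```powershell
# Added example. Run elevated on the DC being checked; needs the ActiveDirectory module.
# 'CONTOSO\BranchPrintAdmins' is a hypothetical placeholder for the delegated group.
param([string]$GroupName = 'CONTOSO\BranchPrintAdmins')

Import-Module ActiveDirectory
$sidType  = [System.Security.Principal.SecurityIdentifier]
$groupSid = ([System.Security.Principal.NTAccount]$GroupName).Translate($sidType).Value

# Well-known SIDs of the built-in groups the thread relies on.
$builtin = @{ 'Remote Desktop Users' = 'S-1-5-32-555'; 'Print Operators' = 'S-1-5-32-550' }

# SIDs through which the group can receive a right: itself, plus each built-in
# group it is a direct member of (nested membership is not followed here).
$viaSids = @{ $groupSid = $GroupName }
foreach ($name in $builtin.Keys) {
    $direct = Get-ADGroupMember -Identity $builtin[$name] | ForEach-Object { $_.SID.Value }
    if ($direct -contains $groupSid) { $viaSids[$builtin[$name]] = $name }
}

# User rights to review, keyed by the constant names secedit writes.
$rights = [ordered]@{
    SeRemoteInteractiveLogonRight = 'Allow log on through Terminal Services'
    SeInteractiveLogonRight       = 'Allow log on locally'
    SeLoadDriverPrivilege         = 'Load and unload device drivers'
}

# Export this machine's current user-rights assignments to a temporary INF file.
$inf = Join-Path $env:TEMP 'user_rights.inf'
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
$lines = Get-Content $inf
Remove-Item $inf

foreach ($right in $rights.Keys) {
    # Lines look like: SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-550
    $line    = $lines | Where-Object { $_ -match "^$right\s*=" } | Select-Object -First 1
    $holders = @()
    if ($line) {
        $holders = ($line -split '=', 2)[1].Split(',') |
            ForEach-Object { $_.Trim().TrimStart('*') }
    }
    # Keep only holders that are the group itself or a built-in group it belongs to.
    $hits = $holders | Where-Object { $viaSids.ContainsKey($_) } |
        ForEach-Object { $viaSids[$_] }
    [pscustomobject]@{
        Right   = $rights[$right]
        Granted = [bool]$hits
        Via     = $hits -join ', '
    }
}
```

Entries that secedit writes by account name rather than by SID are not matched by this comparison, so an empty "Via" column means no SID-based grant was found for the group.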

 