GarryBaker
IS-IT--Management
Good morning all,
I have recently rebuild my test and reference system and started to configure my GPO's. I seem to be getting the following problem.
I have created a Development Server that I only want my Development user to log onto via Terminal Services. I have therefore created a GPO for the Development servers and configured the Log on through Terminal Services to allow users in the group Development Logon. This GPO has been assigned to the servers and I have run gpupdate /force, and also rebooted the server.
However every time my user tries to log on they are prompted with thefollowing message.
To log on to this remote computer you must be granted the Allow log on throught Terminal Services right, etc etc.
The default domaint policy is not configured.
The only error that I am getting in the event log is
Source: Security
EventID: 534
Descriptions
Logon Failure
The user has not been granted the requested logon type at this machine.
I have gone through GP modeling and the user is getting both GPO's applicated and the results are set correctly.
Allow to log on through Teriminal Services - Administrators, Domain\Development Logon
The only way I seem to be able to get this to work is to add the Domain\Development Logon group to the LocalMachine\Remote Desktop User Group.
This seems to defeat the object of using GPO to configure the system and increases my administration.
My Servers are Windows 2003 Enterprise Edition, SP2. AD is running Win2k3 functional level.
Any help would be great
Thanks
I have recently rebuild my test and reference system and started to configure my GPO's. I seem to be getting the following problem.
I have created a Development Server that I only want my Development user to log onto via Terminal Services. I have therefore created a GPO for the Development servers and configured the Log on through Terminal Services to allow users in the group Development Logon. This GPO has been assigned to the servers and I have run gpupdate /force, and also rebooted the server.
However every time my user tries to log on they are prompted with thefollowing message.
To log on to this remote computer you must be granted the Allow log on throught Terminal Services right, etc etc.
The default domaint policy is not configured.
The only error that I am getting in the event log is
Source: Security
EventID: 534
Descriptions
Logon Failure
The user has not been granted the requested logon type at this machine.
I have gone through GP modeling and the user is getting both GPO's applicated and the results are set correctly.
Allow to log on through Teriminal Services - Administrators, Domain\Development Logon
The only way I seem to be able to get this to work is to add the Domain\Development Logon group to the LocalMachine\Remote Desktop User Group.
This seems to defeat the object of using GPO to configure the system and increases my administration.
My Servers are Windows 2003 Enterprise Edition, SP2. AD is running Win2k3 functional level.
Any help would be great
Thanks