[gptalk] Re: Group Policy/AD delegation issueq

  • From: "Francis Revere" <frevere@xxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Mon, 30 Jul 2007 14:41:16 -0400

Thanks for the information Omar.  I disabled the policy and force an
update on the server.  I added group1 to the Remote Desktop Users group
on the server.  Still, when I attempt to login as one of the users in
the group, I receive the message that the "to login to the computer, you
must be granted the Allow to log on through Terminal Services right."
Something is not right here.  I have group1 setup exactly as Domain
Admins.  Full control on the computer object in AD, group1 added to the
Remote users on the remote tab in server properties.  Any ideas???


From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Omar Droubi
Sent: Monday, July 30, 2007 12:42 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Group Policy/AD delegation issueq

Did you check on the machine the policy applied to that the remote
desktop checkbox was indeed checked and grayed out to verify that the
policy was indeed applied?


Next I would verify that the either the firewall on the machine in
questions is either disabled or allows the remote desktop protocol- even
many new Antivirus products have firewalls built in and can restrict
this function.


So I would 1st verify that it works without the GPO then uncheck the
checkbox- apply the GPO and try again.




From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Francis Revere
Sent: Monday, July 30, 2007 8:16 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Group Policy/AD delegation issueq


What I am attempting to do:  Create an AD group that has Full control of
a specific server in an OU and can remote into this server only within
the OU (for software installation).


What I have done and tried:  I have a group in AD called group1 with 2
members.  This group has been added to the security tab of a server,
called server1 with Full control.  I created a GPO called test and
defined the "Allow Login through Terminal Services" and to group1.
Within the scope, I applied the policy to the OU with server1 in it, and
added the server1 to the security filter.


This did not work for some reason.  I even went as far as logging into
server1 and adding group1 to the remote users group to no avail.


What am I missing????  I know that it is probably something really

Other related posts: