Make sure that you check the "type" of group it is that you have added. Make sure that it is a Global Security Group, and not a distribution group, or a Domain Local Security Group. -----Original Message----- From: Paul Stansel [mailto:Paul.Stansel@xxxxxxxxxxxx] Sent: Monday, August 01, 2005 1:25 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Question on security policies for local logon I'm saying that if a user is in a specific domain group that is in the local Remote Desktop Users group, they still get the error. If they are in one of the other domain groups that has Remote Desktop Users local membership, they get access. Only run published apps is not checked. -Paul -----Original Message----- From: Joe Shonk [mailto:joe.shonk@xxxxxxxxx] Sent: Monday, August 01, 2005 4:16 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Question on security policies for local logon Do you have "Only allow Published Applications" checked under the ica-tcp properties? Not sure if I read your post right... It sounds like your saying that if the users in not part of the Remote Desktop Users group then they get an error. This is by design in W2k3. In order for users to connect to a W2k3 TS/Citrix server they also need to a member of the local Remote Desktop Users group. Joe -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Paul Stansel Sent: Monday, August 01, 2005 1:05 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Question on security policies for local logon We have a security group that defines what standard users are allowed "Remote Desktop Users" rights to our Citrix servers. It only applies to machines in the Citrix OU. All of our Windows 2000 boxes are fine, but one of our Win2K3 boxes is acting strangely. I have defined the group as part of "Remote Desktop Users." However, any user trying to log in to that one server that aren't also in one of the other groups granted Remote Desktop Access get the message about not being able to log in interactively. Our AD guys swear it must be something on my side, but I'm not sure where else to look. Any ideas? Thanks, Paul ******************************************************** This weeks sponsor: SuperSpeed Try Us To improve performance along with other agents! FREE 30-day Trial! http://www.superspeed.com/servers/computing.php?ID=100 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm ThinWiki community - Excellent SBC Search Capabilities! http://www.thinwiki.com *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This weeks sponsor: SuperSpeed Try Us To improve performance along with other agents! FREE 30-day Trial! http://www.superspeed.com/servers/computing.php?ID=100 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm ThinWiki community - Excellent SBC Search Capabilities! http://www.thinwiki.com *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm