A question about remote desktop

Dracula28Dracula28 Member Posts: 232
On the default domain controllers policy, what is the default value for the user right "allow log on through terminal services"is it "not defined" or is it defined "Domain\Administrators" ?

Plus to make a remote desktop connection to a DC, you will need that user right, AND be added to list of users who are allowed to make a connection to the server in the remote tab of system properties, right?
Current certs: MCP (210) MCSA (270, 290, 291 and 680) MCTS (680, 640)

Comments

  • royalroyal Member Posts: 3,352 ■■■■□□□□□□
    On DCs you can RDP if you are a member of ONLY the Administrators Group.
    On Member/Standalone servers, you can RDP if you are a member of either the Administrators group or the Remote Desktop Users group.

    ON DCs, there is no local Remote Desktop Users group, so DCs use the Remote Desktop Users group in AD if you do choose to allow RDP to the Remote Desktop Users group. You can, of course, choose to use a different group name and grant that access in both the Terminal Services Manager as well as the Default Domain Controllers Policy to allow the user to log on through terminal services.
    “For success, attitude is equally as important as ability.” - Harry F. Banks
  • Dracula28Dracula28 Member Posts: 232
    Thanks, thats very well explained. :) I guess the default value for the user right "allow log on through terminal services" is defined "Domain\Administrators". Because when I set it to not defined, I was not able to make a connection even as an administrator. Which is logical.

    Another couple of questions, whats the difference between "user access" and "guest access" on the security tab of the rdp-tcp properties? I can see that with "user access" you get the permissions; Query information and Connect, in addition to log on, which is the only permission you get with the "guest access" template.

    And how do I remote control a session?
    Current certs: MCP (210) MCSA (270, 290, 291 and 680) MCTS (680, 640)
  • royalroyal Member Posts: 3,352 ■■■■□□□□□□
    Allow Remote Control in the Terminal Services GPO or Terminal Services Manager. There's an order of preference as to which settings have a higher precedence. I'd just make sure you modify settings in 1 place and try not to modify the same setting in more than 1 place.

    As for the user access vs guest access. No idea.
    “For success, attitude is equally as important as ability.” - Harry F. Banks
  • Dracula28Dracula28 Member Posts: 232
    If I allow remote control in the tscc, the "remote control" option is greyed out, when I try to remote control a session in Terminal Services Manager icon_confused.gif

    The order is Computer GPO, User Gpo, tscc, user account settings, client settings. Atleast I've got that down. :) I tried to set the Computer Gpo to allow remote contorl (it was undefined), but the remote control option is still greyed out.
    Current certs: MCP (210) MCSA (270, 290, 291 and 680) MCTS (680, 640)
  • royalroyal Member Posts: 3,352 ■■■■□□□□□□
    This I do remember! You have to be in an RDP session for remote control to function. So go RDP into one of your servers, then run the Terminal Services Manager and try to remote control.
    “For success, attitude is equally as important as ability.” - Harry F. Banks
  • Dracula28Dracula28 Member Posts: 232
    Ah finally got it, so thats what that information box, which pops up, when you start Terminal Services manager, meant.

    Thanks for the help, learnt a lot, hands-on is the only way to truly learn the subject.
    Current certs: MCP (210) MCSA (270, 290, 291 and 680) MCTS (680, 640)
Sign In or Register to comment.