Questione #1: I am trying to allow a user to use Terminal Services on a Windows 2000 SP3 server that is running in admin mode. I added this user to the local administrators group, gave this user specific rights in the RDP-TCP item, and added this user to a few areas of the local policies, such as: "access this computer from the network." I am able to get this user onto other servers that also have Windows 2000 SP3 TS in admin mode....
This is the only server that gives me this error: "The system can not log you on (1F). Please try again or consult your system administrator." What am I missing? Microsoft.com is no help on this one. Thanks.
Question #2: We have a client that is running Citrix on a Windows 2000 server, which is running Terminal Services in application mode. The server is also the domain controller. Unless the Citrix users are members of the domain admins group, they receive the message "the local policy of this system does not permit you to log on interactively." I found reference to this in MS Knowledge Base Article 247989. I created a new group and added it to the local logon policy as mentioned in the article. Now the users can log on without receiving the message, but are immediately logged off. If I look at the application log I see the following: "Windows cannot connect to machine.local with (0x0)." and "Windows cannot query for the list of group policy objects." Do you have any ideas? Thanks.
First, it's a bad idea to let users run applications on a domain controller (see the link below for the reasons why I don't recommend it). It's a REALLY bad idea to make them domain administrators to do it. You don't have to - just give them the permission to log onto the DC. I wrote up a complete set of instructions for letting non-admins log onto a Terminal Server running in Admin Mode here: http://x220.minasi.com/forum/topic.asp?TOPIC_ID=3959. For the first questioner, it sounds like you performed most of the steps. Did you refresh the security policy? For your second question, that error message is new to me, but try the instructions I provide in the linked instructions above and see if that does the trick.
Dig deeper on Microsoft Windows 2000 Server Administration
Related Q&A from Christa Anderson, WinIT
Expert Christa Anderson offers some ideas for monitoring who is connecting to a terminal server, and when they are connecting.continue reading
Expert Christa Anderson offers advice for dealing with a crashing spooler service.continue reading
Expert Christa Anderson explains why it isn't possible to allow drive mapping with Windows 2000 Terminal Services.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.