Q

Domain controllers and Terminal Services client connections

Questione #1: I am trying to allow a user to use Terminal Services on a Windows 2000 SP3 server that is running in admin mode. I added this user to the local administrators group, gave this user specific rights in the RDP-TCP item, and added this user to a few areas of the local policies, such as: "access this computer from the network." I am able to get this user onto other servers that also have Windows 2000 SP3 TS in admin mode....

This is the only server that gives me this error: "The system can not log you on (1F). Please try again or consult your system administrator." What am I missing? Microsoft.com is no help on this one. Thanks.

Question #2: We have a client that is running Citrix on a Windows 2000 server, which is running Terminal Services in application mode. The server is also the domain controller. Unless the Citrix users are members of the domain admins group, they receive the message "the local policy of this system does not permit you to log on interactively." I found reference to this in MS Knowledge Base Article 247989. I created a new group and added it to the local logon policy as mentioned in the article. Now the users can log on without receiving the message, but are immediately logged off. If I look at the application log I see the following: "Windows cannot connect to machine.local with (0x0)." and "Windows cannot query for the list of group policy objects." Do you have any ideas? Thanks.
First, it's a bad idea to let users run applications on a domain controller (see the link below for the reasons why I don't recommend it). It's a REALLY bad idea to make them domain administrators to do it. You don't have to - just give them the permission to log onto the DC. I wrote up a complete set of instructions for letting non-admins log onto a Terminal Server running in Admin Mode here: http://x220.minasi.com/forum/topic.asp?TOPIC_ID=3959. For the first questioner, it sounds like you performed most of the steps. Did you refresh the security policy? For your second question, that error message is new to me, but try the instructions I provide in the linked instructions above and see if that does the trick.

This was first published in November 2003

Dig deeper on Microsoft Windows 2000 Server Administration

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close