Manage Learn to apply best practices and optimize your operations.

Network admins can't connect to Windows 2003 boxes

After bringing 2003 DC into a Windows 2000 network, we noticed that our network admins were not able to connect to the 2003 boxes using Terminal Services in Remote Admin mode. They are able to connect to 2000 boxes but not 2003.

As a domain admin I don't have a problem "TS'ing" to the Windows 2003 boxes but those of lower permissions cannot. I want to say that it has to do with the Group Policy difference between Windows 2000 and 2003 but I can't say for sure.

Any suggestions on what to try or look at?

Remote Administration connections are by default restricted to domain administrator accounts. To let Joe User (JoeU) log on, you'll need to follow these steps:

1. Add JoeU to the Remote Desktop Users group by opening his user account and moving to the Member Of.
2. Grant JoeU (or the Remote Desktop Users group) the right to log onto the server in question. This policy is located in Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Allow Log On Through Terminal Services.

Notice that this will not work unless you complete both steps. By default, the RDU group does not have permission to log onto a domain controller. You do not have to configure the "Allow users to connect remotely using Terminal Services" group policy to allow JoeU to log on.

Dig Deeper on Legacy operating systems

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.