While logged in to a windows 2003 terminal server with admin rights, and running the Terminal Services Manager, I want to right click the active sessions and ‘Connect’. I’m prompted for the password of the user but this is always rejected.
After reading around, I’m guessing it’s because the remote desktop user’s group does not have the ‘log on locally’ right. But for the life of me I can’t figure out where to adjust this. I’m very new to AD…I’ve looked ‘everywhere’ for a place to select Remote Desktop Users and add the ability to log on locally. I need pretty specific pointers, as I’ve not been able to locate this from any clues I’ve read so far.
Answer
- Ensure you are not on console session. I assume you are using Remote Desktop GUI to log into server and then running TS Manager from there.
- If users (and you) are able to remote desktop to server, then “log on locally” isn’t the issue.
- Are you really wanting to “Connect”? 99% of time admins want to “Remote Control” which is to shadow the user and help them with something. With Remote Control, it asks the user permission and doesn’t require their password (which you shouldn’t know anyway).
- If you really want to take over the Remote Desktop session, Connect will prompt for the users password and once you put it in, it will kick them off, because you have taken over their session. This is rarely used, but if it’s what you’re looking for, then the article @HopelessNoob mentions says you must have Full Access or User Access, which are two security rights you’ll find in the Terminal Services Configuration app. R-click the RDP-Tcp connection > Properties > Security.
- If you are still rejected after all this, then what does the Event Logs say? I bet their logging this failure.
Attribution
Source : Link , Question Author : meridian , Answer Author : Bret Fisher
