Good morning all, I have recently rebuild my test and reference system and started to configure my GPO's. I seem to be getting the following problem. I have created a Development Server that I only want my Development user to log onto via Terminal Services. I have therefore created a GPO for the Development servers and configured the Log on through Terminal Services to allow users in the group Development Logon. This GPO has been assigned to the servers and I have run gpupdate /force, and also rebooted the server. However every time my user tries to log on they are prompted with the following message. To log on to this remote computer you must be granted the Allow log on throught Terminal Services right, etc etc. The default domaint policy is not configured. The only error that I am getting in the event log is Source: Security EventID: 534 Descriptions Logon Failure The user has not been granted the requested logon type at this machine. The only way I seem to be able to get this to work is to add the Domain\Development Logon group to the LocalMachine\Remote Desktop User Group. These seems to defeat the object of using GPO to configure the system and increases my administration. My Servers are Windows 2003 Enterprise Edition, SP2. AD is running Win2k3 functional level. Any help would be great Thanks
Gary - You need to also configure Remote Desktop to allow the Developement Group Terminal Serivces Access. Go to Properites of My Computer and select Remote and grant Allow Remote Access. You might even need to include your Development Group in the local group: Remote Desktop Users. "GarryB" wrote: > Good morning all, > > I have recently rebuild my test and reference system and started to > configure my GPO's. I seem to be getting the following problem. > > I have created a Development Server that I only want my Development user to > log onto via Terminal Services. I have therefore created a GPO for the > Development servers and configured the Log on through Terminal Services to > allow users in the group Development Logon. This GPO has been assigned to > the servers and I have run gpupdate /force, and also rebooted the server. > > However every time my user tries to log on they are prompted with the > following message. > > To log on to this remote computer you must be granted the Allow log on > throught Terminal Services right, etc etc. > > The default domaint policy is not configured. > > The only error that I am getting in the event log is > > Source: Security > EventID: 534 > Descriptions > Logon Failure > The user has not been granted the requested logon type at this machine. > > The only way I seem to be able to get this to work is to add the > Domain\Development Logon group to the LocalMachine\Remote Desktop User Group. > > These seems to defeat the object of using GPO to configure the system and > increases my administration. > > My Servers are Windows 2003 Enterprise Edition, SP2. AD is running Win2k3 > functional level. > > Any help would be great > Thanks
