I can't seem to figure this out for the life of me...
I have a user that is doing documentation on all the hardware for some of my servers for me. I want the user to remote desktop into each of the servers, look at the device manager and document it. So I created a GPO and attached it to an OU that has a couple of W2k3 servers in it. The settings I used are:
Allow logon through Terminal Services set to Administrators, IT_ReadOnly
Then created Restricted Groups with the Group Name set to Remote Desktop Users and Members set to Domain\IT_ReadOnly
But that didn't work, so I have also tried creating this with the Group Name set to Domain\IT_ReadOnly and the Member Of set to Remote Desktop Users.
Why doesn't this work? I get the same error either way. If I log into a server and manually add the Domain\IT_ReadOnly group to the Remote Desktop Users group then it works fine. I don't want to manually add Domain\IT_ReadOnly into the Remote Desktop Users group on every local SAM in the domain.
Yes, I'm sure the policy is replicating and updating correctly because I can open the Local Security Policy and see that the Allow logon through Terminal Services attribute is set correctly.
How do I fix this?