NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > FOCUS-MS> 2005-q1

RE: Terminal Services - Domain Controller - Normal User

From: Robert Abela (robertgfi.com)
Date: Mon Feb 28 2005 - 02:04:48 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Thanks guys :) fixed the issue.

Basically the user needs also admin rights on the machine. Therefore
the best solution is to create an account that is solely used for that.

Kind regards,

Robert Abela - GFI Software Ltd. - www.gfi.com
Messaging, Content Security & Network Security Software
GFI: MailSecurity - FAXmaker - MailEssentials - LANguard

-----Original Message-----
From: neal [mailto:nealnkdavis.com]
Sent: Friday, February 25, 2005 10:52 PM
To: T.Onyszkow2k.pl; Robert Abela; focus-mssecurityfocus.com
Subject: RE: Terminal Services - Domain Controller - Normal User

You can do this by granting them the right "Allow logon through terminal
services" and "allow logon locally" in the User Rights Assignment
section of a GPO and granting them permissions through ACL's on the
RDP-TCP connection in Terminal Services Configuration

Regards

Neal

-----Original Message-----
From: Tomasz Onyszko [mailto:T.Onyszkow2k.pl]
Sent: 25 February 2005 20:38
To: Robert Abela; focus-mssecurityfocus.com
Subject: Re: Terminal Services - Domain Controller - Normal User

Robert Abela wrote:
> HI,
>
> To log on via terminal Services (administration mode) on a Domain
> controller one needs to be an Administrator of the domain (like a
member
> of the enterprise administrators, or domain administrators etc), since
a
> domain controller doesn't have its own groups.
>
> Are there any particular permissions or way to set it up to give a
> normal user logon access (via terminal services, administration mode)
to
> the domain controller?

You cen set-up permissions for RDP protocol on the RDP-TCP connection
object in the terminal services confiugration console

--
Tomasz Onyszko [MVP]
T.Onyszkow2k.pl
http://www.w2k.pl

------------------------------------------------------------------------
---
------------------------------------------------------------------------
---

This mail was checked for viruses by GFI MailSecurity.
GFI also develops anti-spam software (GFI MailEssentials), a fax server (GFI FAXmaker), and network security and management software (GFI LANguard) - www.gfi.com

---------------------------------------------------------------------------
---------------------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]