Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
I have installed terminal services for the 1st time. I have installed the 32bit client on a win98 machine. The server is set up as an application server. I can attach from the 98 machine but when I try to log in I get a message saying "Local security does not allow interactive login"
I am pretty sure I am just missing a setting somewhere. Can anyone point me in the right direction?Mike
You may receive 2 different messages upon an attempt to establish a TS session. First is the one you are seeing, by default WIN2K Server does not allow a user to login locally to the server(interactive=local logon) which is what TS does, if you use an Administrator account there should be no problem establishing a session. After you configure you security policy to allow an account with user rights to logon locally, you may then receive an error stating "unable to logon to a TS session" or something to that effect. At that point you need to go into the TS configuration on the server and right click the RDP-TCP connection and go to permissions and you also have to allow users the ability to establish a session, after all that is done TS will work. Good luck, e-mail me for further guidance.
0 
Thanks, I am testing it on our intranet. When I eventually try from home I need to know what(if any) ports need to be routed through our router to the server.
Mike
0
List of Ports Used by Terminal Server Clients Function Static ports
-------- ------------
RDP Client (Microsoft) TCP:3389 (Pre Beta2:1503)
ActiveX Client (TSAC) TCP:80, 3389
ICA Client (Citrix) TCP:1494
NOTE: Terminal Server uses port 3389.
0
You have been a big help. However I can't find the permission to fix my original problem. I have a user I created called mrtest I am testing ts with. I have added him to "logon locally" in local security policy,domain security policy, and domain controller security policy on the server. None of it seems to make a difference. I can make him an administrator and it works but I don't want to make every ts user a admin :-)
Mike
0
Stevemm, with all due respects, I believe the problem is not that by default Server does not allow regular users to log on to TS, which it will(when it's a stand alone server), the problem was becase a domain controller will not allow regular users to log on locally, whether it is on the console or Terminal Services, and he setup TS on a domain controller.
Also Mike, be aware of Microsoft's licensing requirements with TS. After 90 days, the server will require you to purchase licenses for every client that want to connect to TS, except for administrative accounts. It will cut off people after 90 days. However, Windows 2000 on up clients can continue connecting, because they have built in license generators and the license server permits it. So, pay for the license, or pay to upgrade the operating systems. Happy TS'ing.
0
I have this all setup in a test environment. The server will be wiped when I'm through.
Is there no way to allow my ts user to login through terminal services to a domain controller?As for licenses, its fine our customer will buy whatever they need.
0
Although it is not a "best practice" or a very good idea, the ability is there. It just takes a bit of configuration to do so. As far as securtiy and configuration are concerned it may be best to get another server to install and designate that as a TS server.
0
Yeah mike, like stevemm says, it will work. I've done it before, but you really have to dig down in the settings to allow non admin accounts to log on when it's a DC.
0
I would love to sell them a new server but its not going to happen. Its a small company with limited funds. I have to figure out how to let the non admin accounts in. I realize it is not the ideal situation but I have to implement it. You guys have been really helpful and I guess now its time to play the "change permissions" game. I don't suppose there is a "reset permissions to defaut" in case I really mess things up.
Mike
0
yes, after you think that you may have screwed the permissions pretty good, you can run the Security Configuration and analysis MMC snap-in and reapply the "setup security.inf" security template which will put the local settings back to the original state upon install. You can also export the local template in that same snap-in once you have gotten it correct, for future use. If you haven't ever run this MMC look into it. There area few steps you must perform in order and a couple of terms that you need to understand. Also remember the order in which security is actually applied. Local is applied first and if any other policies such as Default Domain Controller policy conflict the last one applied will be effective. Your configuration may get a little "hairy" if you are not a seasoned Windows 2000 admin. Good luk.
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
