Hey guys, I just installed 2003 server along with my XP pro 2. I am mcdst, and mcp, but need to learn more about win 2k3 server and active directory...one quick thing I need to know first...is how I can access this PC from work. Usually i would just remote desktop to my XP PRO machine at home from my work machine. I tested that out on the new 2k3 server (dual booted) and it says that this user must be in the remote desktop user group. ok...so I did that. I added a "user, not admin" into the remote desktop user group, once I added the same user locally as well. Is there a way to allow me into the DC via remote desktop without actually already being logged into the domain? Example, from work, populating ip address..i can get to the windows 2k3 server screen, but it then tells me my user account does not have access rights or i should be put in remote desktop usser group. Thats why i'm assuming you can only remote desktop to the DC if A. you are in the domain in the first place, and B. you're allowed to be doing it by being in the remote desktop group. Am i correct on this or can i still connect to this DC on an easier level, without being in that domain...from work, so i can practice? Thanks in advance guys.

Thats because of a policy in the "Domain Controller Security Policy" under Administrative Tools. Look in "User Rights Assignment" under the Local Policies category. In the "Allow Logon Through Terminal Services" policy, just add remote desktop users, and make sure you are a member of the remote desktop users group. Then run gpupdate and you're golden! Let me know how it goes, Rob

thanks for the help. I will try that right now. by the way. I was able to remote in from work using the ADMIN username and password, but I will try it yourway as well for experience.

As i understand it, administrators are always allowed remote access, whether or not it is defined in the "Allow Logon Through Terminal Services" policy. However, if Remote Desktop Users were NOT in the list, then that was almost certainly your problem, you just need to add them and it should be OK - I had the same problem on my server and it took me a ages to figure out! Rob

Rob, thanks for the help so far. I added a user called JoeLaptop to the remote desktop users group, then I changed that policy in security to allow Administrators and Remote desktop users to log in. So I'm at work now, and if i log in as administrator, i get in...but if i log in as JoeLaptop (which is a user, but he's in the remote desktop users list) and that is configured so that remote desktop users can use terminal services..it tells me that JoeLaptop is not in the group or does not have rights... Am i missing something here? Maybe the computer has to be in the domain if its not an administrator?

I figured out why. Joelaptop was a member of domain users, but not a member of just plain USERS. so he wasnt able to access the account....since only USERS were on the remote desktop access group.

Help!!! I have the same problem as listed above. I have added Remote Desktop Users to the "Allow Logon Through Terminal Services" policy and ran the gpupdate. It did not work. Now, we are also having problems with the Administrator account (domain) not being able to log into the server through Terminal Services. It gives the error message about "the local policy does not allow the user to log in interactively". I undid the changes to the group policy and re-ran gpupdate but it did not fix the Administrator's problem. Any suggestions???