# Domain Users Can’t Use Remote Desktop to Access Domain Controller



## jaredbrown (Feb 4, 2009)

*Domain Users Can’t Use Remote Desktop to Access Domain Controller*

I have a room with (4) Windows 2003 x86_64 systems running over a LAN. The domain controller is running Active Directory, which is enforcing a global security policy. Admins are able to remote into the domain server. Domain users are not. Domain users are members of one group, the Domain Users group. Under the global policy the following is set.

DENY Network Access | Enabled | SUPPORT Allow Logon Through Terminal Services | Enabled | Domain Users Deny Logon Through Terminal Services | Disabled

The Remote Desktop Users group has been removed.

When users attempt to log in over Remote Desktop they are given the obligatory error message stating that they need to be a member of the Remote Desktop Users group or have the Allow Logon Through Terminal Services setting.

Considering that this setting is enabled for their group, any thoughts on what could be preventing this access?


----------



## bilbus (Aug 29, 2006)

*Re: Domain Users Can’t Use Remote Desktop to Access Domain Controller*

Well, first off why you want users remoting into a DC?

this is disabled by default. Domain controlers dont have "remote desktop users"

you need to goto securtiy policy and add domain users to "longin via termial services" and perhaps "allow login localy"

If you add users to "domain remote desktop users" (or something like that) they will be able to rdp into any computer on the network.


----------

