Sign in with
Sign up | Sign in
Your question

Terminal Server in AD

Last response: in Windows 2000/NT
Share
Anonymous
March 13, 2005 6:09:17 PM

Archived from groups: microsoft.public.windowsnt.terminalserver.misc (More info?)

-
Hello everyone,
Windows 2003 setup with Terminal Server
Everything works as expected when I login with a user account from my local
Domain (domain1) however, when I tried to logon to the Terminal Server with
an account form one of our other doamain (domain2) I get the following error
and can not logon.
The local policy of this system does not permit you to logon interactively.
Then I am disconnected.
Any step by step help will be very helpful (This is the first Terminal
Server I am tring to setup)
As Always, Thank You in advance, Terry

More about : terminal server

Anonymous
March 13, 2005 6:09:18 PM

Archived from groups: microsoft.public.windowsnt.terminalserver.misc (More info?)

Is there a trust relationship between these 2 domains?
You have to make the \\domain2\username a member of the local
built-in group "Remote Desktop Users" on the Terminal Server in
domain1.

If the Terminal Server is also a Domain Controller in domain 1
(which is *not* recommmended!), then you have to give this user Log
On Locally rights on the server (in the default Domain Controller
Security Policy).

--
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
http://hem.fyristorg.com/vera/IT
--- please respond in newsgroup, NOT by private email ---

"theitman" <nospam@olsbuff.com> wrote on 13 mar 2005 in
microsoft.public.windowsnt.terminalserver.misc:

> -
> Hello everyone,
> Windows 2003 setup with Terminal Server
> Everything works as expected when I login with a user account
> from my local Domain (domain1) however, when I tried to logon to
> the Terminal Server with an account form one of our other
> doamain (domain2) I get the following error and can not logon.
> The local policy of this system does not permit you to logon
> interactively. Then I am disconnected.
> Any step by step help will be very helpful (This is the first
> Terminal Server I am tring to setup)
> As Always, Thank You in advance, Terry
Anonymous
March 14, 2005 11:47:02 PM

Archived from groups: microsoft.public.windowsnt.terminalserver.misc (More info?)

-
Yes there is a Trust (I think by default) AD does this.
Wow had to add the Everyone group and then add the Domains to the groups of
users.
It's working now. Thanks for the help.

Here is an easy one I'm sure,
I logged on to the Terminal Server as a user named "LikeThis" setup all the
programs and Desk Top, then setup all the option the way I need them in MS
Word and Excel. So the user profile for the user "LikeThis" is perfect.
No I want Everyone that logs onto the terminal server to get this as the
profile for their Terminal Server session.
I think I copy the user profile "LikeThis" over the top on the Local
Right click on My Computer, System Properties, Advanced, User
Profiles,Select the user profile "LikeThis",then click on Copy To, and Brows
to the %system root%Documents and settings/Default User folder, then click
on OK.
I am guessing that this will cause ANY user that log onto this Terminal
Server to have the Setting I created for Word, Excel (the Macro Security
settings, set to Low etc.) am I correct?
Do I have all the correct steps?

This is Windows Server 2003 running as Terminal Server.

The reason I am NOT sure is because the Help file I found made me think that
these steps will change more than the users profile on this Terminal Server.
Sounded almost like I was changing AL the User in the Domain. I ONLY want
to control the user profile on this ONE Terminal Server.

Thanks in advance !!!
Terry

"Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote in message
news:Xns9618ED717C2E3veranoesthemutforsse@207.46.248.16...
> Is there a trust relationship between these 2 domains?
> You have to make the \\domain2\username a member of the local
> built-in group "Remote Desktop Users" on the Terminal Server in
> domain1.
>
> If the Terminal Server is also a Domain Controller in domain 1
> (which is *not* recommmended!), then you have to give this user Log
> On Locally rights on the server (in the default Domain Controller
> Security Policy).
>
> --
> Vera Noest
> MCSE, CCEA, Microsoft MVP - Terminal Server
> http://hem.fyristorg.com/vera/IT
> --- please respond in newsgroup, NOT by private email ---
>
> "theitman" <nospam@olsbuff.com> wrote on 13 mar 2005 in
> microsoft.public.windowsnt.terminalserver.misc:
>
>> -
>> Hello everyone,
>> Windows 2003 setup with Terminal Server
>> Everything works as expected when I login with a user account
>> from my local Domain (domain1) however, when I tried to logon to
>> the Terminal Server with an account form one of our other
>> doamain (domain2) I get the following error and can not logon.
>> The local policy of this system does not permit you to logon
>> interactively. Then I am disconnected.
>> Any step by step help will be very helpful (This is the first
>> Terminal Server I am tring to setup)
>> As Always, Thank You in advance, Terry
Related resources
Anonymous
March 15, 2005 5:10:50 PM

Archived from groups: microsoft.public.windowsnt.terminalserver.misc (More info?)

That sounds correct. Every user that connects to this TS and *who
has not yet an existing roaming TS-specific profile*, will receive
a copy of the Default User profile that you created.

If users have existing roaming TS profiles, they will *not* receive
a copy of the Default User profile. You can force them to get one
by deleteing theit existing roaming TS profile, but then they will
also use this Ts profile on all other TS they connect to.
So if this profile should be unique to this TS, make sure that
users do *not* have roaming TS profiles. Note that you can use a
GPO to force a local profile.

If users have local TS profiles, you should be OK now.

--
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
http://hem.fyristorg.com/vera/IT
--- please respond in newsgroup, NOT by private email ---

<NoSpamZtheitman@nospamZolsbuff.com> wrote on 15 mar 2005 in
microsoft.public.windowsnt.terminalserver.misc:

> -
> Yes there is a Trust (I think by default) AD does this.
> Wow had to add the Everyone group and then add the Domains to
> the groups of users.
> It's working now. Thanks for the help.
>
> Here is an easy one I'm sure,
> I logged on to the Terminal Server as a user named "LikeThis"
> setup all the programs and Desk Top, then setup all the option
> the way I need them in MS Word and Excel. So the user profile
> for the user "LikeThis" is perfect. No I want Everyone that logs
> onto the terminal server to get this as the profile for their
> Terminal Server session. I think I copy the user profile
> "LikeThis" over the top on the Local Right click on My Computer,
> System Properties, Advanced, User Profiles,Select the user
> profile "LikeThis",then click on Copy To, and Brows to the
> %system root%Documents and settings/Default User folder, then
> click on OK.
> I am guessing that this will cause ANY user that log onto this
> Terminal Server to have the Setting I created for Word, Excel
> (the Macro Security settings, set to Low etc.) am I correct?
> Do I have all the correct steps?
>
> This is Windows Server 2003 running as Terminal Server.
>
> The reason I am NOT sure is because the Help file I found made
> me think that these steps will change more than the users
> profile on this Terminal Server. Sounded almost like I was
> changing AL the User in the Domain. I ONLY want to control the
> user profile on this ONE Terminal Server.
>
> Thanks in advance !!!
> Terry
>
> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote
> in message
> news:Xns9618ED717C2E3veranoesthemutforsse@207.46.248.16...
>> Is there a trust relationship between these 2 domains?
>> You have to make the \\domain2\username a member of the local
>> built-in group "Remote Desktop Users" on the Terminal Server in
>> domain1.
>>
>> If the Terminal Server is also a Domain Controller in domain 1
>> (which is *not* recommmended!), then you have to give this user
>> Log On Locally rights on the server (in the default Domain
>> Controller Security Policy).
>>
>> --
>> Vera Noest
>> MCSE, CCEA, Microsoft MVP - Terminal Server
>> http://hem.fyristorg.com/vera/IT
>> --- please respond in newsgroup, NOT by private email ---
>>
>> "theitman" <nospam@olsbuff.com> wrote on 13 mar 2005 in
>> microsoft.public.windowsnt.terminalserver.misc:
>>
>>> -
>>> Hello everyone,
>>> Windows 2003 setup with Terminal Server
>>> Everything works as expected when I login with a user account
>>> from my local Domain (domain1) however, when I tried to logon
>>> to the Terminal Server with an account form one of our other
>>> doamain (domain2) I get the following error and can not logon.
>>> The local policy of this system does not permit you to logon
>>> interactively. Then I am disconnected.
>>> Any step by step help will be very helpful (This is the first
>>> Terminal Server I am tring to setup)
>>> As Always, Thank You in advance, Terry
Anonymous
March 17, 2005 3:43:16 PM

Archived from groups: microsoft.public.windowsnt.terminalserver.misc (More info?)

-
Hi Vera,

Is it better to use Group Policies for this task (So everyone that loges
onto the Terminal Server gets the same desktop and program settings)?
I'm interested in Group Policies for this task, however, I have never use GP
and I don't know where to start.
If it's not to involved can you give me the step need to accomplish the
above.

Thanks in Advance,
Terry

PS: as long as you may be helping me do one GP is the there an easy way to
Turn OFF the Win XP Firewall on all the XP machines in one site in the AD?

Again Thanks so much for the help.

Terry



"Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote in message
news:Xns961AEBD31CFEBveranoesthemutforsse@207.46.248.16...
> That sounds correct. Every user that connects to this TS and *who
> has not yet an existing roaming TS-specific profile*, will receive
> a copy of the Default User profile that you created.
>
> If users have existing roaming TS profiles, they will *not* receive
> a copy of the Default User profile. You can force them to get one
> by deleteing theit existing roaming TS profile, but then they will
> also use this Ts profile on all other TS they connect to.
> So if this profile should be unique to this TS, make sure that
> users do *not* have roaming TS profiles. Note that you can use a
> GPO to force a local profile.
>
> If users have local TS profiles, you should be OK now.
>
> --
> Vera Noest
> MCSE, CCEA, Microsoft MVP - Terminal Server
> http://hem.fyristorg.com/vera/IT
> --- please respond in newsgroup, NOT by private email ---
>
> <NoSpamZtheitman@nospamZolsbuff.com> wrote on 15 mar 2005 in
> microsoft.public.windowsnt.terminalserver.misc:
>
>> -
>> Yes there is a Trust (I think by default) AD does this.
>> Wow had to add the Everyone group and then add the Domains to
>> the groups of users.
>> It's working now. Thanks for the help.
>>
>> Here is an easy one I'm sure,
>> I logged on to the Terminal Server as a user named "LikeThis"
>> setup all the programs and Desk Top, then setup all the option
>> the way I need them in MS Word and Excel. So the user profile
>> for the user "LikeThis" is perfect. No I want Everyone that logs
>> onto the terminal server to get this as the profile for their
>> Terminal Server session. I think I copy the user profile
>> "LikeThis" over the top on the Local Right click on My Computer,
>> System Properties, Advanced, User Profiles,Select the user
>> profile "LikeThis",then click on Copy To, and Brows to the
>> %system root%Documents and settings/Default User folder, then
>> click on OK.
>> I am guessing that this will cause ANY user that log onto this
>> Terminal Server to have the Setting I created for Word, Excel
>> (the Macro Security settings, set to Low etc.) am I correct?
>> Do I have all the correct steps?
>>
>> This is Windows Server 2003 running as Terminal Server.
>>
>> The reason I am NOT sure is because the Help file I found made
>> me think that these steps will change more than the users
>> profile on this Terminal Server. Sounded almost like I was
>> changing AL the User in the Domain. I ONLY want to control the
>> user profile on this ONE Terminal Server.
>>
>> Thanks in advance !!!
>> Terry
>>
>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote
>> in message
>> news:Xns9618ED717C2E3veranoesthemutforsse@207.46.248.16...
>>> Is there a trust relationship between these 2 domains?
>>> You have to make the \\domain2\username a member of the local
>>> built-in group "Remote Desktop Users" on the Terminal Server in
>>> domain1.
>>>
>>> If the Terminal Server is also a Domain Controller in domain 1
>>> (which is *not* recommmended!), then you have to give this user
>>> Log On Locally rights on the server (in the default Domain
>>> Controller Security Policy).
>>>
>>> --
>>> Vera Noest
>>> MCSE, CCEA, Microsoft MVP - Terminal Server
>>> http://hem.fyristorg.com/vera/IT
>>> --- please respond in newsgroup, NOT by private email ---
>>>
>>> "theitman" <nospam@olsbuff.com> wrote on 13 mar 2005 in
>>> microsoft.public.windowsnt.terminalserver.misc:
>>>
>>>> -
>>>> Hello everyone,
>>>> Windows 2003 setup with Terminal Server
>>>> Everything works as expected when I login with a user account
>>>> from my local Domain (domain1) however, when I tried to logon
>>>> to the Terminal Server with an account form one of our other
>>>> doamain (domain2) I get the following error and can not logon.
>>>> The local policy of this system does not permit you to logon
>>>> interactively. Then I am disconnected.
>>>> Any step by step help will be very helpful (This is the first
>>>> Terminal Server I am tring to setup)
>>>> As Always, Thank You in advance, Terry
Anonymous
March 18, 2005 5:00:57 PM

Archived from groups: microsoft.public.windowsnt.terminalserver.misc (More info?)

Create the Default User profile on the TS as you described earlier
If you want to force the users to use a local profile on the TS,
create a Group Policy (in Active Directory Users and Computers),
link it to the Organizational Unit that contains your Terminal
Server, and enable the following setting:

Computer Configuration - Administrative templates - System - User
profiles
"Only allow local user profiles"

260370 - How to Apply Group Policy Objects to Terminal Services
Servers
http://support.microsoft.com/?kbid=260370

--
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
http://hem.fyristorg.com/vera/IT
--- please respond in newsgroup, NOT by private email ---

"theitman" <nospam@olsbuff.com> wrote on 17 mar 2005 in
microsoft.public.windowsnt.terminalserver.misc:

> -
> Hi Vera,
>
> Is it better to use Group Policies for this task (So everyone
> that loges onto the Terminal Server gets the same desktop and
> program settings)? I'm interested in Group Policies for this
> task, however, I have never use GP and I don't know where to
> start. If it's not to involved can you give me the step need to
> accomplish the above.
>
> Thanks in Advance,
> Terry
>
> PS: as long as you may be helping me do one GP is the there an
> easy way to Turn OFF the Win XP Firewall on all the XP machines
> in one site in the AD?
>
> Again Thanks so much for the help.
>
> Terry
>
>
>
> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote
> in message
> news:Xns961AEBD31CFEBveranoesthemutforsse@207.46.248.16...
>> That sounds correct. Every user that connects to this TS and
>> *who has not yet an existing roaming TS-specific profile*, will
>> receive a copy of the Default User profile that you created.
>>
>> If users have existing roaming TS profiles, they will *not*
>> receive a copy of the Default User profile. You can force them
>> to get one by deleteing theit existing roaming TS profile, but
>> then they will also use this Ts profile on all other TS they
>> connect to. So if this profile should be unique to this TS,
>> make sure that users do *not* have roaming TS profiles. Note
>> that you can use a GPO to force a local profile.
>>
>> If users have local TS profiles, you should be OK now.
>>
>> --
>> Vera Noest
>> MCSE, CCEA, Microsoft MVP - Terminal Server
>> http://hem.fyristorg.com/vera/IT
>> --- please respond in newsgroup, NOT by private email ---
>>
>> <NoSpamZtheitman@nospamZolsbuff.com> wrote on 15 mar 2005 in
>> microsoft.public.windowsnt.terminalserver.misc:
>>
>>> -
>>> Yes there is a Trust (I think by default) AD does this.
>>> Wow had to add the Everyone group and then add the Domains to
>>> the groups of users.
>>> It's working now. Thanks for the help.
>>>
>>> Here is an easy one I'm sure,
>>> I logged on to the Terminal Server as a user named "LikeThis"
>>> setup all the programs and Desk Top, then setup all the option
>>> the way I need them in MS Word and Excel. So the user profile
>>> for the user "LikeThis" is perfect. No I want Everyone that
>>> logs onto the terminal server to get this as the profile for
>>> their Terminal Server session. I think I copy the user profile
>>> "LikeThis" over the top on the Local Right click on My
>>> Computer, System Properties, Advanced, User Profiles,Select
>>> the user profile "LikeThis",then click on Copy To, and Brows
>>> to the %system root%Documents and settings/Default User
>>> folder, then click on OK.
>>> I am guessing that this will cause ANY user that log onto this
>>> Terminal Server to have the Setting I created for Word, Excel
>>> (the Macro Security settings, set to Low etc.) am I correct?
>>> Do I have all the correct steps?
>>>
>>> This is Windows Server 2003 running as Terminal Server.
>>>
>>> The reason I am NOT sure is because the Help file I found made
>>> me think that these steps will change more than the users
>>> profile on this Terminal Server. Sounded almost like I was
>>> changing AL the User in the Domain. I ONLY want to control
>>> the user profile on this ONE Terminal Server.
>>>
>>> Thanks in advance !!!
>>> Terry
>>>
>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>
>>> wrote in message
>>> news:Xns9618ED717C2E3veranoesthemutforsse@207.46.248.16...
>>>> Is there a trust relationship between these 2 domains?
>>>> You have to make the \\domain2\username a member of the local
>>>> built-in group "Remote Desktop Users" on the Terminal Server
>>>> in domain1.
>>>>
>>>> If the Terminal Server is also a Domain Controller in domain
>>>> 1 (which is *not* recommmended!), then you have to give this
>>>> user Log On Locally rights on the server (in the default
>>>> Domain Controller Security Policy).
>>>>
>>>> --
>>>> Vera Noest
>>>> MCSE, CCEA, Microsoft MVP - Terminal Server
>>>> http://hem.fyristorg.com/vera/IT
>>>> --- please respond in newsgroup, NOT by private email ---
>>>>
>>>> "theitman" <nospam@olsbuff.com> wrote on 13 mar 2005 in
>>>> microsoft.public.windowsnt.terminalserver.misc:
>>>>
>>>>> -
>>>>> Hello everyone,
>>>>> Windows 2003 setup with Terminal Server
>>>>> Everything works as expected when I login with a user
>>>>> account from my local Domain (domain1) however, when I tried
>>>>> to logon to the Terminal Server with an account form one of
>>>>> our other doamain (domain2) I get the following error and
>>>>> can not logon. The local policy of this system does not
>>>>> permit you to logon interactively. Then I am disconnected.
>>>>> Any step by step help will be very helpful (This is the
>>>>> first Terminal Server I am tring to setup)
>>>>> As Always, Thank You in advance, Terry
Anonymous
March 19, 2005 4:43:49 PM

Archived from groups: microsoft.public.windowsnt.terminalserver.misc (More info?)

-
Hi Vera,

I am new to all this :) 
Here is what I did so far I got so far:

On the DC (APIDC1 located in api.armlink.com)
Followed the steps under Method 1 in 260370 (link you provided)
Created the OU on the DC computer (DC computer here is APIDC1) steps 1 - 9
OK
Created a Terminal Server Group Policy object , steps 1 - 5 OK
OU and Group Police named after the computer (API-Tserver) as mentioned in
the article.

On the Terminal Server (API-Tserver)
The Terminal Server Name is API-Tserver (Windows Server 2003 is a stand
alone)
I the steps you mentioned below on the Terminal Server.
I did this already:
created a Default User profile with all the setting I want.
Now when I copy the User Profile (LikeThis) onto the Default User Profile
(folder)
Do I also want to click on the Change button (located on this page
[Users or Built-in Groups] )
and enter "Everyone" ? The following is already listing the
following on this Permit to use [ Change ] page
From this location [Armlink.com] this is our domain
So do I need to add the everyone group in the Enter the object name to
select [ ] here?


Do I need to install something so I can work with Users and Computers on
this 2003 server (if I do where do I get the program)?

Thanks so much Vera,
I need baby steps :-)
Terry


"Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote in message
news:Xns961DEA27B54D2veranoesthemutforsse@207.46.248.16...
> Create the Default User profile on the TS as you described earlier
> If you want to force the users to use a local profile on the TS,
> create a Group Policy (in Active Directory Users and Computers),
> link it to the Organizational Unit that contains your Terminal
> Server, and enable the following setting:
>
> Computer Configuration - Administrative templates - System - User
> profiles
> "Only allow local user profiles"
>
> 260370 - How to Apply Group Policy Objects to Terminal Services
> Servers
> http://support.microsoft.com/?kbid=260370
>
> --
> Vera Noest
> MCSE, CCEA, Microsoft MVP - Terminal Server
> http://hem.fyristorg.com/vera/IT
> --- please respond in newsgroup, NOT by private email ---
>
> "theitman" <nospam@olsbuff.com> wrote on 17 mar 2005 in
> microsoft.public.windowsnt.terminalserver.misc:
>
>> -
>> Hi Vera,
>>
>> Is it better to use Group Policies for this task (So everyone
>> that loges onto the Terminal Server gets the same desktop and
>> program settings)? I'm interested in Group Policies for this
>> task, however, I have never use GP and I don't know where to
>> start. If it's not to involved can you give me the step need to
>> accomplish the above.
>>
>> Thanks in Advance,
>> Terry
>>
>> PS: as long as you may be helping me do one GP is the there an
>> easy way to Turn OFF the Win XP Firewall on all the XP machines
>> in one site in the AD?
>>
>> Again Thanks so much for the help.
>>
>> Terry
>>
>>
>>
>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote
>> in message
>> news:Xns961AEBD31CFEBveranoesthemutforsse@207.46.248.16...
>>> That sounds correct. Every user that connects to this TS and
>>> *who has not yet an existing roaming TS-specific profile*, will
>>> receive a copy of the Default User profile that you created.
>>>
>>> If users have existing roaming TS profiles, they will *not*
>>> receive a copy of the Default User profile. You can force them
>>> to get one by deleteing theit existing roaming TS profile, but
>>> then they will also use this Ts profile on all other TS they
>>> connect to. So if this profile should be unique to this TS,
>>> make sure that users do *not* have roaming TS profiles. Note
>>> that you can use a GPO to force a local profile.
>>>
>>> If users have local TS profiles, you should be OK now.
>>>
>>> --
>>> Vera Noest
>>> MCSE, CCEA, Microsoft MVP - Terminal Server
>>> http://hem.fyristorg.com/vera/IT
>>> --- please respond in newsgroup, NOT by private email ---
>>>
>>> <NoSpamZtheitman@nospamZolsbuff.com> wrote on 15 mar 2005 in
>>> microsoft.public.windowsnt.terminalserver.misc:
>>>
>>>> -
>>>> Yes there is a Trust (I think by default) AD does this.
>>>> Wow had to add the Everyone group and then add the Domains to
>>>> the groups of users.
>>>> It's working now. Thanks for the help.
>>>>
>>>> Here is an easy one I'm sure,
>>>> I logged on to the Terminal Server as a user named "LikeThis"
>>>> setup all the programs and Desk Top, then setup all the option
>>>> the way I need them in MS Word and Excel. So the user profile
>>>> for the user "LikeThis" is perfect. No I want Everyone that
>>>> logs onto the terminal server to get this as the profile for
>>>> their Terminal Server session. I think I copy the user profile
>>>> "LikeThis" over the top on the Local Right click on My
>>>> Computer, System Properties, Advanced, User Profiles,Select
>>>> the user profile "LikeThis",then click on Copy To, and Brows
>>>> to the %system root%Documents and settings/Default User
>>>> folder, then click on OK.
>>>> I am guessing that this will cause ANY user that log onto this
>>>> Terminal Server to have the Setting I created for Word, Excel
>>>> (the Macro Security settings, set to Low etc.) am I correct?
>>>> Do I have all the correct steps?
>>>>
>>>> This is Windows Server 2003 running as Terminal Server.
>>>>
>>>> The reason I am NOT sure is because the Help file I found made
>>>> me think that these steps will change more than the users
>>>> profile on this Terminal Server. Sounded almost like I was
>>>> changing AL the User in the Domain. I ONLY want to control
>>>> the user profile on this ONE Terminal Server.
>>>>
>>>> Thanks in advance !!!
>>>> Terry
>>>>
>>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>
>>>> wrote in message
>>>> news:Xns9618ED717C2E3veranoesthemutforsse@207.46.248.16...
>>>>> Is there a trust relationship between these 2 domains?
>>>>> You have to make the \\domain2\username a member of the local
>>>>> built-in group "Remote Desktop Users" on the Terminal Server
>>>>> in domain1.
>>>>>
>>>>> If the Terminal Server is also a Domain Controller in domain
>>>>> 1 (which is *not* recommmended!), then you have to give this
>>>>> user Log On Locally rights on the server (in the default
>>>>> Domain Controller Security Policy).
>>>>>
>>>>> --
>>>>> Vera Noest
>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server
>>>>> http://hem.fyristorg.com/vera/IT
>>>>> --- please respond in newsgroup, NOT by private email ---
>>>>>
>>>>> "theitman" <nospam@olsbuff.com> wrote on 13 mar 2005 in
>>>>> microsoft.public.windowsnt.terminalserver.misc:
>>>>>
>>>>>> -
>>>>>> Hello everyone,
>>>>>> Windows 2003 setup with Terminal Server
>>>>>> Everything works as expected when I login with a user
>>>>>> account from my local Domain (domain1) however, when I tried
>>>>>> to logon to the Terminal Server with an account form one of
>>>>>> our other doamain (domain2) I get the following error and
>>>>>> can not logon. The local policy of this system does not
>>>>>> permit you to logon interactively. Then I am disconnected.
>>>>>> Any step by step help will be very helpful (This is the
>>>>>> first Terminal Server I am tring to setup)
>>>>>> As Always, Thank You in advance, Terry
Anonymous
March 19, 2005 10:39:33 PM

Archived from groups: microsoft.public.windowsnt.terminalserver.misc (More info?)

-
Hi Vera,

I copied the Profile I setup "LikeThis" I did NOT click on the [Change]
option mentioned below.
No I have a problem. All the users that logon get a very limited profile.
It is picking up the mapped drives OK from there Login script on the DC
(This is GOOD and I want this to happen)
However, there desktop ONLY shows the icon for out (for Office 2002
installed on this Terminal Server api-tserver)
None of the setting I set in the "LikeThis" profile are there.
If I brows to MS Word (Program Files, Microsoft Office, ...) and click on
Winword.exe Word will start but i get errors.
So,
How do I fix this so the users all get the proper setting from the Default
User when they login to this Terminal Server ?

Can you Please email me directly (I have to fix this ASAP)
my email address is: theitman at olsbuff.com

Thanks a lot for the help Vera !!!

Terry



"theitman" <nospam@olsbuff.com> wrote in message
news:%23oW3aOLLFHA.732@TK2MSFTNGP12.phx.gbl...
> -
> Hi Vera,
>
> I am new to all this :) 
> Here is what I did so far I got so far:
>
> On the DC (APIDC1 located in api.armlink.com)
> Followed the steps under Method 1 in 260370 (link you provided)
> Created the OU on the DC computer (DC computer here is APIDC1) steps 1 - 9
> OK
> Created a Terminal Server Group Policy object , steps 1 - 5 OK
> OU and Group Police named after the computer (API-Tserver) as mentioned in
> the article.
>
> On the Terminal Server (API-Tserver)
> The Terminal Server Name is API-Tserver (Windows Server 2003 is a stand
> alone)
> I the steps you mentioned below on the Terminal Server.
> I did this already:
> created a Default User profile with all the setting I want.
> Now when I copy the User Profile (LikeThis) onto the Default User Profile
> (folder)
> Do I also want to click on the Change button (located on this page
> [Users or Built-in Groups] )
> and enter "Everyone" ? The following is already listing the
> following on this Permit to use [ Change ] page
> From this location [Armlink.com] this is our domain
> So do I need to add the everyone group in the Enter the object name to
> select [ ] here?
>
>
> Do I need to install something so I can work with Users and Computers on
> this 2003 server (if I do where do I get the program)?
>
> Thanks so much Vera,
> I need baby steps :-)
> Terry
>
>
> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote in message
> news:Xns961DEA27B54D2veranoesthemutforsse@207.46.248.16...
>> Create the Default User profile on the TS as you described earlier
>> If you want to force the users to use a local profile on the TS,
>> create a Group Policy (in Active Directory Users and Computers),
>> link it to the Organizational Unit that contains your Terminal
>> Server, and enable the following setting:
>>
>> Computer Configuration - Administrative templates - System - User
>> profiles
>> "Only allow local user profiles"
>>
>> 260370 - How to Apply Group Policy Objects to Terminal Services
>> Servers
>> http://support.microsoft.com/?kbid=260370
>>
>> --
>> Vera Noest
>> MCSE, CCEA, Microsoft MVP - Terminal Server
>> http://hem.fyristorg.com/vera/IT
>> --- please respond in newsgroup, NOT by private email ---
>>
>> "theitman" <nospam@olsbuff.com> wrote on 17 mar 2005 in
>> microsoft.public.windowsnt.terminalserver.misc:
>>
>>> -
>>> Hi Vera,
>>>
>>> Is it better to use Group Policies for this task (So everyone
>>> that loges onto the Terminal Server gets the same desktop and
>>> program settings)? I'm interested in Group Policies for this
>>> task, however, I have never use GP and I don't know where to
>>> start. If it's not to involved can you give me the step need to
>>> accomplish the above.
>>>
>>> Thanks in Advance,
>>> Terry
>>>
>>> PS: as long as you may be helping me do one GP is the there an
>>> easy way to Turn OFF the Win XP Firewall on all the XP machines
>>> in one site in the AD?
>>>
>>> Again Thanks so much for the help.
>>>
>>> Terry
>>>
>>>
>>>
>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote
>>> in message
>>> news:Xns961AEBD31CFEBveranoesthemutforsse@207.46.248.16...
>>>> That sounds correct. Every user that connects to this TS and
>>>> *who has not yet an existing roaming TS-specific profile*, will
>>>> receive a copy of the Default User profile that you created.
>>>>
>>>> If users have existing roaming TS profiles, they will *not*
>>>> receive a copy of the Default User profile. You can force them
>>>> to get one by deleteing theit existing roaming TS profile, but
>>>> then they will also use this Ts profile on all other TS they
>>>> connect to. So if this profile should be unique to this TS,
>>>> make sure that users do *not* have roaming TS profiles. Note
>>>> that you can use a GPO to force a local profile.
>>>>
>>>> If users have local TS profiles, you should be OK now.
>>>>
>>>> --
>>>> Vera Noest
>>>> MCSE, CCEA, Microsoft MVP - Terminal Server
>>>> http://hem.fyristorg.com/vera/IT
>>>> --- please respond in newsgroup, NOT by private email ---
>>>>
>>>> <NoSpamZtheitman@nospamZolsbuff.com> wrote on 15 mar 2005 in
>>>> microsoft.public.windowsnt.terminalserver.misc:
>>>>
>>>>> -
>>>>> Yes there is a Trust (I think by default) AD does this.
>>>>> Wow had to add the Everyone group and then add the Domains to
>>>>> the groups of users.
>>>>> It's working now. Thanks for the help.
>>>>>
>>>>> Here is an easy one I'm sure,
>>>>> I logged on to the Terminal Server as a user named "LikeThis"
>>>>> setup all the programs and Desk Top, then setup all the option
>>>>> the way I need them in MS Word and Excel. So the user profile
>>>>> for the user "LikeThis" is perfect. No I want Everyone that
>>>>> logs onto the terminal server to get this as the profile for
>>>>> their Terminal Server session. I think I copy the user profile
>>>>> "LikeThis" over the top on the Local Right click on My
>>>>> Computer, System Properties, Advanced, User Profiles,Select
>>>>> the user profile "LikeThis",then click on Copy To, and Brows
>>>>> to the %system root%Documents and settings/Default User
>>>>> folder, then click on OK.
>>>>> I am guessing that this will cause ANY user that log onto this
>>>>> Terminal Server to have the Setting I created for Word, Excel
>>>>> (the Macro Security settings, set to Low etc.) am I correct?
>>>>> Do I have all the correct steps?
>>>>>
>>>>> This is Windows Server 2003 running as Terminal Server.
>>>>>
>>>>> The reason I am NOT sure is because the Help file I found made
>>>>> me think that these steps will change more than the users
>>>>> profile on this Terminal Server. Sounded almost like I was
>>>>> changing AL the User in the Domain. I ONLY want to control
>>>>> the user profile on this ONE Terminal Server.
>>>>>
>>>>> Thanks in advance !!!
>>>>> Terry
>>>>>
>>>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>
>>>>> wrote in message
>>>>> news:Xns9618ED717C2E3veranoesthemutforsse@207.46.248.16...
>>>>>> Is there a trust relationship between these 2 domains?
>>>>>> You have to make the \\domain2\username a member of the local
>>>>>> built-in group "Remote Desktop Users" on the Terminal Server
>>>>>> in domain1.
>>>>>>
>>>>>> If the Terminal Server is also a Domain Controller in domain
>>>>>> 1 (which is *not* recommmended!), then you have to give this
>>>>>> user Log On Locally rights on the server (in the default
>>>>>> Domain Controller Security Policy).
>>>>>>
>>>>>> --
>>>>>> Vera Noest
>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server
>>>>>> http://hem.fyristorg.com/vera/IT
>>>>>> --- please respond in newsgroup, NOT by private email ---
>>>>>>
>>>>>> "theitman" <nospam@olsbuff.com> wrote on 13 mar 2005 in
>>>>>> microsoft.public.windowsnt.terminalserver.misc:
>>>>>>
>>>>>>> -
>>>>>>> Hello everyone,
>>>>>>> Windows 2003 setup with Terminal Server
>>>>>>> Everything works as expected when I login with a user
>>>>>>> account from my local Domain (domain1) however, when I tried
>>>>>>> to logon to the Terminal Server with an account form one of
>>>>>>> our other doamain (domain2) I get the following error and
>>>>>>> can not logon. The local policy of this system does not
>>>>>>> permit you to logon interactively. Then I am disconnected.
>>>>>>> Any step by step help will be very helpful (This is the
>>>>>>> first Terminal Server I am tring to setup)
>>>>>>> As Always, Thank You in advance, Terry
>
>
Anonymous
March 20, 2005 4:39:14 AM

Archived from groups: microsoft.public.windowsnt.terminalserver.misc (More info?)

-
Hi Vera,

I know what I did wrong, I copied a Domain user profile over the Default
User :( 
Now I need to re-create the Default User profile or maybe try a repair or
Windows 2003 (is there anything you can think of)?
Maybe I have to Re-Install Windows 2003 ?
Whatever I need to do I need to do it today (Sunday)
Any suggestions on re-creating the Default User profile?
Right now No account including the local Administrator have all the programs
I installed and the programs are all missing fro Start, Programs 995 of the
programs are NOT listed here any longer.

Any suggestions?
Thanks, Terry



"theitman" <nospam@olsbuff.com> wrote in message
news:o ZijLVOLFHA.1884@TK2MSFTNGP15.phx.gbl...
> -
> Hi Vera,
>
> I copied the Profile I setup "LikeThis" I did NOT click on the [Change]
> option mentioned below.
> No I have a problem. All the users that logon get a very limited profile.
> It is picking up the mapped drives OK from there Login script on the DC
> (This is GOOD and I want this to happen)
> However, there desktop ONLY shows the icon for out (for Office 2002
> installed on this Terminal Server api-tserver)
> None of the setting I set in the "LikeThis" profile are there.
> If I brows to MS Word (Program Files, Microsoft Office, ...) and click on
> Winword.exe Word will start but i get errors.
> So,
> How do I fix this so the users all get the proper setting from the Default
> User when they login to this Terminal Server ?
>
> Can you Please email me directly (I have to fix this ASAP)
> my email address is: theitman at olsbuff.com
>
> Thanks a lot for the help Vera !!!
>
> Terry
>
>
>
> "theitman" <nospam@olsbuff.com> wrote in message
> news:%23oW3aOLLFHA.732@TK2MSFTNGP12.phx.gbl...
>> -
>> Hi Vera,
>>
>> I am new to all this :) 
>> Here is what I did so far I got so far:
>>
>> On the DC (APIDC1 located in api.armlink.com)
>> Followed the steps under Method 1 in 260370 (link you provided)
>> Created the OU on the DC computer (DC computer here is APIDC1) steps 1 -
>> 9 OK
>> Created a Terminal Server Group Policy object , steps 1 - 5 OK
>> OU and Group Police named after the computer (API-Tserver) as mentioned
>> in the article.
>>
>> On the Terminal Server (API-Tserver)
>> The Terminal Server Name is API-Tserver (Windows Server 2003 is a stand
>> alone)
>> I the steps you mentioned below on the Terminal Server.
>> I did this already:
>> created a Default User profile with all the setting I want.
>> Now when I copy the User Profile (LikeThis) onto the Default User
>> Profile (folder)
>> Do I also want to click on the Change button (located on this page
>> [Users or Built-in Groups] )
>> and enter "Everyone" ? The following is already listing the
>> following on this Permit to use [ Change ] page
>> From this location [Armlink.com] this is our domain
>> So do I need to add the everyone group in the Enter the object name to
>> select [ ] here?
>>
>>
>> Do I need to install something so I can work with Users and Computers on
>> this 2003 server (if I do where do I get the program)?
>>
>> Thanks so much Vera,
>> I need baby steps :-)
>> Terry
>>
>>
>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote in
>> message news:Xns961DEA27B54D2veranoesthemutforsse@207.46.248.16...
>>> Create the Default User profile on the TS as you described earlier
>>> If you want to force the users to use a local profile on the TS,
>>> create a Group Policy (in Active Directory Users and Computers),
>>> link it to the Organizational Unit that contains your Terminal
>>> Server, and enable the following setting:
>>>
>>> Computer Configuration - Administrative templates - System - User
>>> profiles
>>> "Only allow local user profiles"
>>>
>>> 260370 - How to Apply Group Policy Objects to Terminal Services
>>> Servers
>>> http://support.microsoft.com/?kbid=260370
>>>
>>> --
>>> Vera Noest
>>> MCSE, CCEA, Microsoft MVP - Terminal Server
>>> http://hem.fyristorg.com/vera/IT
>>> --- please respond in newsgroup, NOT by private email ---
>>>
>>> "theitman" <nospam@olsbuff.com> wrote on 17 mar 2005 in
>>> microsoft.public.windowsnt.terminalserver.misc:
>>>
>>>> -
>>>> Hi Vera,
>>>>
>>>> Is it better to use Group Policies for this task (So everyone
>>>> that loges onto the Terminal Server gets the same desktop and
>>>> program settings)? I'm interested in Group Policies for this
>>>> task, however, I have never use GP and I don't know where to
>>>> start. If it's not to involved can you give me the step need to
>>>> accomplish the above.
>>>>
>>>> Thanks in Advance,
>>>> Terry
>>>>
>>>> PS: as long as you may be helping me do one GP is the there an
>>>> easy way to Turn OFF the Win XP Firewall on all the XP machines
>>>> in one site in the AD?
>>>>
>>>> Again Thanks so much for the help.
>>>>
>>>> Terry
>>>>
>>>>
>>>>
>>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote
>>>> in message
>>>> news:Xns961AEBD31CFEBveranoesthemutforsse@207.46.248.16...
>>>>> That sounds correct. Every user that connects to this TS and
>>>>> *who has not yet an existing roaming TS-specific profile*, will
>>>>> receive a copy of the Default User profile that you created.
>>>>>
>>>>> If users have existing roaming TS profiles, they will *not*
>>>>> receive a copy of the Default User profile. You can force them
>>>>> to get one by deleteing theit existing roaming TS profile, but
>>>>> then they will also use this Ts profile on all other TS they
>>>>> connect to. So if this profile should be unique to this TS,
>>>>> make sure that users do *not* have roaming TS profiles. Note
>>>>> that you can use a GPO to force a local profile.
>>>>>
>>>>> If users have local TS profiles, you should be OK now.
>>>>>
>>>>> --
>>>>> Vera Noest
>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server
>>>>> http://hem.fyristorg.com/vera/IT
>>>>> --- please respond in newsgroup, NOT by private email ---
>>>>>
>>>>> <NoSpamZtheitman@nospamZolsbuff.com> wrote on 15 mar 2005 in
>>>>> microsoft.public.windowsnt.terminalserver.misc:
>>>>>
>>>>>> -
>>>>>> Yes there is a Trust (I think by default) AD does this.
>>>>>> Wow had to add the Everyone group and then add the Domains to
>>>>>> the groups of users.
>>>>>> It's working now. Thanks for the help.
>>>>>>
>>>>>> Here is an easy one I'm sure,
>>>>>> I logged on to the Terminal Server as a user named "LikeThis"
>>>>>> setup all the programs and Desk Top, then setup all the option
>>>>>> the way I need them in MS Word and Excel. So the user profile
>>>>>> for the user "LikeThis" is perfect. No I want Everyone that
>>>>>> logs onto the terminal server to get this as the profile for
>>>>>> their Terminal Server session. I think I copy the user profile
>>>>>> "LikeThis" over the top on the Local Right click on My
>>>>>> Computer, System Properties, Advanced, User Profiles,Select
>>>>>> the user profile "LikeThis",then click on Copy To, and Brows
>>>>>> to the %system root%Documents and settings/Default User
>>>>>> folder, then click on OK.
>>>>>> I am guessing that this will cause ANY user that log onto this
>>>>>> Terminal Server to have the Setting I created for Word, Excel
>>>>>> (the Macro Security settings, set to Low etc.) am I correct?
>>>>>> Do I have all the correct steps?
>>>>>>
>>>>>> This is Windows Server 2003 running as Terminal Server.
>>>>>>
>>>>>> The reason I am NOT sure is because the Help file I found made
>>>>>> me think that these steps will change more than the users
>>>>>> profile on this Terminal Server. Sounded almost like I was
>>>>>> changing AL the User in the Domain. I ONLY want to control
>>>>>> the user profile on this ONE Terminal Server.
>>>>>>
>>>>>> Thanks in advance !!!
>>>>>> Terry
>>>>>>
>>>>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>
>>>>>> wrote in message
>>>>>> news:Xns9618ED717C2E3veranoesthemutforsse@207.46.248.16...
>>>>>>> Is there a trust relationship between these 2 domains?
>>>>>>> You have to make the \\domain2\username a member of the local
>>>>>>> built-in group "Remote Desktop Users" on the Terminal Server
>>>>>>> in domain1.
>>>>>>>
>>>>>>> If the Terminal Server is also a Domain Controller in domain
>>>>>>> 1 (which is *not* recommmended!), then you have to give this
>>>>>>> user Log On Locally rights on the server (in the default
>>>>>>> Domain Controller Security Policy).
>>>>>>>
>>>>>>> --
>>>>>>> Vera Noest
>>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server
>>>>>>> http://hem.fyristorg.com/vera/IT
>>>>>>> --- please respond in newsgroup, NOT by private email ---
>>>>>>>
>>>>>>> "theitman" <nospam@olsbuff.com> wrote on 13 mar 2005 in
>>>>>>> microsoft.public.windowsnt.terminalserver.misc:
>>>>>>>
>>>>>>>> -
>>>>>>>> Hello everyone,
>>>>>>>> Windows 2003 setup with Terminal Server
>>>>>>>> Everything works as expected when I login with a user
>>>>>>>> account from my local Domain (domain1) however, when I tried
>>>>>>>> to logon to the Terminal Server with an account form one of
>>>>>>>> our other doamain (domain2) I get the following error and
>>>>>>>> can not logon. The local policy of this system does not
>>>>>>>> permit you to logon interactively. Then I am disconnected.
>>>>>>>> Any step by step help will be very helpful (This is the
>>>>>>>> first Terminal Server I am tring to setup)
>>>>>>>> As Always, Thank You in advance, Terry
>>
>>
>
>
Anonymous
March 20, 2005 9:52:54 AM

Archived from groups: microsoft.public.windowsnt.terminalserver.misc (More info?)

You can re-create the shortcuts manually or re-install completely.
Which method is faster depends on how many shortcuts and settings
you have to configure manually, and how well you documented your
system.

I'm afraid that you have just learned the hard way that you always
need a backup before making major changes, preferably a total
system backup.
When modifying the Default User profile (or anything else for that
matter), first copy the existing folder to another folder before
you overwrite it. Delete the original only when you are 100% sure
that your modifications are OK.

--
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
http://hem.fyristorg.com/vera/IT
--- please respond in newsgroup, NOT by private email ---

<NoSpamZtheitman@nospamZolsbuff.com> wrote on 20 mar 2005 in
microsoft.public.windowsnt.terminalserver.misc:

> -
> Hi Vera,
>
> I know what I did wrong, I copied a Domain user profile over the
> Default User :( 
> Now I need to re-create the Default User profile or maybe try a
> repair or Windows 2003 (is there anything you can think of)?
> Maybe I have to Re-Install Windows 2003 ?
> Whatever I need to do I need to do it today (Sunday)
> Any suggestions on re-creating the Default User profile?
> Right now No account including the local Administrator have all
> the programs I installed and the programs are all missing fro
> Start, Programs 995 of the programs are NOT listed here any
> longer.
>
> Any suggestions?
> Thanks, Terry
>
>
>
> "theitman" <nospam@olsbuff.com> wrote in message
> news:o ZijLVOLFHA.1884@TK2MSFTNGP15.phx.gbl...
>> -
>> Hi Vera,
>>
>> I copied the Profile I setup "LikeThis" I did NOT click on the
>> [Change] option mentioned below.
>> No I have a problem. All the users that logon get a very
>> limited profile. It is picking up the mapped drives OK from
>> there Login script on the DC (This is GOOD and I want this to
>> happen) However, there desktop ONLY shows the icon for out (for
>> Office 2002 installed on this Terminal Server api-tserver)
>> None of the setting I set in the "LikeThis" profile are there.
>> If I brows to MS Word (Program Files, Microsoft Office, ...)
>> and click on
>> Winword.exe Word will start but i get errors.
>> So,
>> How do I fix this so the users all get the proper setting from
>> the Default User when they login to this Terminal Server ?
>>
>> Can you Please email me directly (I have to fix this ASAP)
>> my email address is: theitman at olsbuff.com
>>
>> Thanks a lot for the help Vera !!!
>>
>> Terry
>>
>>
>>
>> "theitman" <nospam@olsbuff.com> wrote in message
>> news:%23oW3aOLLFHA.732@TK2MSFTNGP12.phx.gbl...
>>> -
>>> Hi Vera,
>>>
>>> I am new to all this :) 
>>> Here is what I did so far I got so far:
>>>
>>> On the DC (APIDC1 located in api.armlink.com)
>>> Followed the steps under Method 1 in 260370 (link you
>>> provided) Created the OU on the DC computer (DC computer here
>>> is APIDC1) steps 1 - 9 OK
>>> Created a Terminal Server Group Policy object , steps 1 - 5
>>> OK OU and Group Police named after the computer (API-Tserver)
>>> as mentioned in the article.
>>>
>>> On the Terminal Server (API-Tserver)
>>> The Terminal Server Name is API-Tserver (Windows Server 2003
>>> is a stand alone)
>>> I the steps you mentioned below on the Terminal Server.
>>> I did this already:
>>> created a Default User profile with all the setting I
>>> want.
>>> Now when I copy the User Profile (LikeThis) onto the Default
>>> User
>>> Profile (folder)
>>> Do I also want to click on the Change button (located on
>>> this page
>>> [Users or Built-in Groups] )
>>> and enter "Everyone" ? The following is already
>>> listing the
>>> following on this Permit to use [ Change ] page
>>> From this location [Armlink.com] this is our domain
>>> So do I need to add the everyone group in the Enter the
>>> object name to
>>> select [ ] here?
>>>
>>>
>>> Do I need to install something so I can work with Users and
>>> Computers on this 2003 server (if I do where do I get the
>>> program)?
>>>
>>> Thanks so much Vera,
>>> I need baby steps :-)
>>> Terry
>>>
>>>
>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>
>>> wrote in message
>>> news:Xns961DEA27B54D2veranoesthemutforsse@207.46.248.16...
>>>> Create the Default User profile on the TS as you described
>>>> earlier If you want to force the users to use a local profile
>>>> on the TS, create a Group Policy (in Active Directory Users
>>>> and Computers), link it to the Organizational Unit that
>>>> contains your Terminal Server, and enable the following
>>>> setting:
>>>>
>>>> Computer Configuration - Administrative templates - System -
>>>> User profiles
>>>> "Only allow local user profiles"
>>>>
>>>> 260370 - How to Apply Group Policy Objects to Terminal
>>>> Services Servers
>>>> http://support.microsoft.com/?kbid=260370
>>>>
>>>> --
>>>> Vera Noest
>>>> MCSE, CCEA, Microsoft MVP - Terminal Server
>>>> http://hem.fyristorg.com/vera/IT
>>>> --- please respond in newsgroup, NOT by private email ---
>>>>
>>>> "theitman" <nospam@olsbuff.com> wrote on 17 mar 2005 in
>>>> microsoft.public.windowsnt.terminalserver.misc:
>>>>
>>>>> -
>>>>> Hi Vera,
>>>>>
>>>>> Is it better to use Group Policies for this task (So
>>>>> everyone that loges onto the Terminal Server gets the same
>>>>> desktop and program settings)? I'm interested in Group
>>>>> Policies for this task, however, I have never use GP and I
>>>>> don't know where to start. If it's not to involved can you
>>>>> give me the step need to accomplish the above.
>>>>>
>>>>> Thanks in Advance,
>>>>> Terry
>>>>>
>>>>> PS: as long as you may be helping me do one GP is the there
>>>>> an easy way to Turn OFF the Win XP Firewall on all the XP
>>>>> machines in one site in the AD?
>>>>>
>>>>> Again Thanks so much for the help.
>>>>>
>>>>> Terry
>>>>>
>>>>>
>>>>>
>>>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>
>>>>> wrote in message
>>>>> news:Xns961AEBD31CFEBveranoesthemutforsse@207.46.248.16...
>>>>>> That sounds correct. Every user that connects to this TS
>>>>>> and *who has not yet an existing roaming TS-specific
>>>>>> profile*, will receive a copy of the Default User profile
>>>>>> that you created.
>>>>>>
>>>>>> If users have existing roaming TS profiles, they will *not*
>>>>>> receive a copy of the Default User profile. You can force
>>>>>> them to get one by deleteing theit existing roaming TS
>>>>>> profile, but then they will also use this Ts profile on all
>>>>>> other TS they connect to. So if this profile should be
>>>>>> unique to this TS, make sure that users do *not* have
>>>>>> roaming TS profiles. Note that you can use a GPO to force a
>>>>>> local profile.
>>>>>>
>>>>>> If users have local TS profiles, you should be OK now.
>>>>>>
>>>>>> --
>>>>>> Vera Noest
>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server
>>>>>> http://hem.fyristorg.com/vera/IT
>>>>>> --- please respond in newsgroup, NOT by private email ---
>>>>>>
>>>>>> <NoSpamZtheitman@nospamZolsbuff.com> wrote on 15 mar 2005
>>>>>> in microsoft.public.windowsnt.terminalserver.misc:
>>>>>>
>>>>>>> -
>>>>>>> Yes there is a Trust (I think by default) AD does this.
>>>>>>> Wow had to add the Everyone group and then add the Domains
>>>>>>> to the groups of users.
>>>>>>> It's working now. Thanks for the help.
>>>>>>>
>>>>>>> Here is an easy one I'm sure,
>>>>>>> I logged on to the Terminal Server as a user named
>>>>>>> "LikeThis" setup all the programs and Desk Top, then setup
>>>>>>> all the option the way I need them in MS Word and Excel.
>>>>>>> So the user profile for the user "LikeThis" is perfect. No
>>>>>>> I want Everyone that logs onto the terminal server to get
>>>>>>> this as the profile for their Terminal Server session. I
>>>>>>> think I copy the user profile "LikeThis" over the top on
>>>>>>> the Local Right click on My Computer, System Properties,
>>>>>>> Advanced, User Profiles,Select the user profile
>>>>>>> "LikeThis",then click on Copy To, and Brows to the %system
>>>>>>> root%Documents and settings/Default User folder, then
>>>>>>> click on OK. I am guessing that this will cause ANY user
>>>>>>> that log onto this Terminal Server to have the Setting I
>>>>>>> created for Word, Excel (the Macro Security settings, set
>>>>>>> to Low etc.) am I correct? Do I have all the correct
>>>>>>> steps?
>>>>>>>
>>>>>>> This is Windows Server 2003 running as Terminal Server.
>>>>>>>
>>>>>>> The reason I am NOT sure is because the Help file I found
>>>>>>> made me think that these steps will change more than the
>>>>>>> users profile on this Terminal Server. Sounded almost like
>>>>>>> I was changing AL the User in the Domain. I ONLY want to
>>>>>>> control the user profile on this ONE Terminal Server.
>>>>>>>
>>>>>>> Thanks in advance !!!
>>>>>>> Terry
>>>>>>>
>>>>>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>
>>>>>>> wrote in message
>>>>>>> news:Xns9618ED717C2E3veranoesthemutforsse@207.46.248.16...
>>>>>>>> Is there a trust relationship between these 2 domains?
>>>>>>>> You have to make the \\domain2\username a member of the
>>>>>>>> local built-in group "Remote Desktop Users" on the
>>>>>>>> Terminal Server in domain1.
>>>>>>>>
>>>>>>>> If the Terminal Server is also a Domain Controller in
>>>>>>>> domain 1 (which is *not* recommmended!), then you have to
>>>>>>>> give this user Log On Locally rights on the server (in
>>>>>>>> the default Domain Controller Security Policy).
>>>>>>>>
>>>>>>>> --
>>>>>>>> Vera Noest
>>>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server
>>>>>>>> http://hem.fyristorg.com/vera/IT
>>>>>>>> --- please respond in newsgroup, NOT by private email ---
>>>>>>>>
>>>>>>>> "theitman" <nospam@olsbuff.com> wrote on 13 mar 2005 in
>>>>>>>> microsoft.public.windowsnt.terminalserver.misc:
>>>>>>>>
>>>>>>>>> -
>>>>>>>>> Hello everyone,
>>>>>>>>> Windows 2003 setup with Terminal Server
>>>>>>>>> Everything works as expected when I login with a user
>>>>>>>>> account from my local Domain (domain1) however, when I
>>>>>>>>> tried to logon to the Terminal Server with an account
>>>>>>>>> form one of our other doamain (domain2) I get the
>>>>>>>>> following error and can not logon. The local policy of
>>>>>>>>> this system does not permit you to logon interactively.
>>>>>>>>> Then I am disconnected. Any step by step help will be
>>>>>>>>> very helpful (This is the first Terminal Server I am
>>>>>>>>> tring to setup) As Always, Thank You in advance, Terry
Anonymous
March 21, 2005 12:37:52 AM

Archived from groups: microsoft.public.windowsnt.terminalserver.misc (More info?)

-
Vera,
Well, your correct :( 
Ok I reinstall a fresh copy and I am back to my starting point.

I still have one question:
After the "copy to" do I need to click on the [Change ] button a enter
"everyone"

Thanks,
Terry


"Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote in message
news:Xns961FA1954A162veranoesthemutforsse@207.46.248.16...
> You can re-create the shortcuts manually or re-install completely.
> Which method is faster depends on how many shortcuts and settings
> you have to configure manually, and how well you documented your
> system.
>
> I'm afraid that you have just learned the hard way that you always
> need a backup before making major changes, preferably a total
> system backup.
> When modifying the Default User profile (or anything else for that
> matter), first copy the existing folder to another folder before
> you overwrite it. Delete the original only when you are 100% sure
> that your modifications are OK.
>
> --
> Vera Noest
> MCSE, CCEA, Microsoft MVP - Terminal Server
> http://hem.fyristorg.com/vera/IT
> --- please respond in newsgroup, NOT by private email ---
>
> <NoSpamZtheitman@nospamZolsbuff.com> wrote on 20 mar 2005 in
> microsoft.public.windowsnt.terminalserver.misc:
>
>> -
>> Hi Vera,
>>
>> I know what I did wrong, I copied a Domain user profile over the
>> Default User :( 
>> Now I need to re-create the Default User profile or maybe try a
>> repair or Windows 2003 (is there anything you can think of)?
>> Maybe I have to Re-Install Windows 2003 ?
>> Whatever I need to do I need to do it today (Sunday)
>> Any suggestions on re-creating the Default User profile?
>> Right now No account including the local Administrator have all
>> the programs I installed and the programs are all missing fro
>> Start, Programs 995 of the programs are NOT listed here any
>> longer.
>>
>> Any suggestions?
>> Thanks, Terry
>>
>>
>>
>> "theitman" <nospam@olsbuff.com> wrote in message
>> news:o ZijLVOLFHA.1884@TK2MSFTNGP15.phx.gbl...
>>> -
>>> Hi Vera,
>>>
>>> I copied the Profile I setup "LikeThis" I did NOT click on the
>>> [Change] option mentioned below.
>>> No I have a problem. All the users that logon get a very
>>> limited profile. It is picking up the mapped drives OK from
>>> there Login script on the DC (This is GOOD and I want this to
>>> happen) However, there desktop ONLY shows the icon for out (for
>>> Office 2002 installed on this Terminal Server api-tserver)
>>> None of the setting I set in the "LikeThis" profile are there.
>>> If I brows to MS Word (Program Files, Microsoft Office, ...)
>>> and click on
>>> Winword.exe Word will start but i get errors.
>>> So,
>>> How do I fix this so the users all get the proper setting from
>>> the Default User when they login to this Terminal Server ?
>>>
>>> Can you Please email me directly (I have to fix this ASAP)
>>> my email address is: theitman at olsbuff.com
>>>
>>> Thanks a lot for the help Vera !!!
>>>
>>> Terry
>>>
>>>
>>>
>>> "theitman" <nospam@olsbuff.com> wrote in message
>>> news:%23oW3aOLLFHA.732@TK2MSFTNGP12.phx.gbl...
>>>> -
>>>> Hi Vera,
>>>>
>>>> I am new to all this :) 
>>>> Here is what I did so far I got so far:
>>>>
>>>> On the DC (APIDC1 located in api.armlink.com)
>>>> Followed the steps under Method 1 in 260370 (link you
>>>> provided) Created the OU on the DC computer (DC computer here
>>>> is APIDC1) steps 1 - 9 OK
>>>> Created a Terminal Server Group Policy object , steps 1 - 5
>>>> OK OU and Group Police named after the computer (API-Tserver)
>>>> as mentioned in the article.
>>>>
>>>> On the Terminal Server (API-Tserver)
>>>> The Terminal Server Name is API-Tserver (Windows Server 2003
>>>> is a stand alone)
>>>> I the steps you mentioned below on the Terminal Server.
>>>> I did this already:
>>>> created a Default User profile with all the setting I
>>>> want.
>>>> Now when I copy the User Profile (LikeThis) onto the Default
>>>> User
>>>> Profile (folder)
>>>> Do I also want to click on the Change button (located on
>>>> this page
>>>> [Users or Built-in Groups] )
>>>> and enter "Everyone" ? The following is already
>>>> listing the
>>>> following on this Permit to use [ Change ] page
>>>> From this location [Armlink.com] this is our domain
>>>> So do I need to add the everyone group in the Enter the
>>>> object name to
>>>> select [ ] here?
>>>>
>>>>
>>>> Do I need to install something so I can work with Users and
>>>> Computers on this 2003 server (if I do where do I get the
>>>> program)?
>>>>
>>>> Thanks so much Vera,
>>>> I need baby steps :-)
>>>> Terry
>>>>
>>>>
>>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>
>>>> wrote in message
>>>> news:Xns961DEA27B54D2veranoesthemutforsse@207.46.248.16...
>>>>> Create the Default User profile on the TS as you described
>>>>> earlier If you want to force the users to use a local profile
>>>>> on the TS, create a Group Policy (in Active Directory Users
>>>>> and Computers), link it to the Organizational Unit that
>>>>> contains your Terminal Server, and enable the following
>>>>> setting:
>>>>>
>>>>> Computer Configuration - Administrative templates - System -
>>>>> User profiles
>>>>> "Only allow local user profiles"
>>>>>
>>>>> 260370 - How to Apply Group Policy Objects to Terminal
>>>>> Services Servers
>>>>> http://support.microsoft.com/?kbid=260370
>>>>>
>>>>> --
>>>>> Vera Noest
>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server
>>>>> http://hem.fyristorg.com/vera/IT
>>>>> --- please respond in newsgroup, NOT by private email ---
>>>>>
>>>>> "theitman" <nospam@olsbuff.com> wrote on 17 mar 2005 in
>>>>> microsoft.public.windowsnt.terminalserver.misc:
>>>>>
>>>>>> -
>>>>>> Hi Vera,
>>>>>>
>>>>>> Is it better to use Group Policies for this task (So
>>>>>> everyone that loges onto the Terminal Server gets the same
>>>>>> desktop and program settings)? I'm interested in Group
>>>>>> Policies for this task, however, I have never use GP and I
>>>>>> don't know where to start. If it's not to involved can you
>>>>>> give me the step need to accomplish the above.
>>>>>>
>>>>>> Thanks in Advance,
>>>>>> Terry
>>>>>>
>>>>>> PS: as long as you may be helping me do one GP is the there
>>>>>> an easy way to Turn OFF the Win XP Firewall on all the XP
>>>>>> machines in one site in the AD?
>>>>>>
>>>>>> Again Thanks so much for the help.
>>>>>>
>>>>>> Terry
>>>>>>
>>>>>>
>>>>>>
>>>>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>
>>>>>> wrote in message
>>>>>> news:Xns961AEBD31CFEBveranoesthemutforsse@207.46.248.16...
>>>>>>> That sounds correct. Every user that connects to this TS
>>>>>>> and *who has not yet an existing roaming TS-specific
>>>>>>> profile*, will receive a copy of the Default User profile
>>>>>>> that you created.
>>>>>>>
>>>>>>> If users have existing roaming TS profiles, they will *not*
>>>>>>> receive a copy of the Default User profile. You can force
>>>>>>> them to get one by deleteing theit existing roaming TS
>>>>>>> profile, but then they will also use this Ts profile on all
>>>>>>> other TS they connect to. So if this profile should be
>>>>>>> unique to this TS, make sure that users do *not* have
>>>>>>> roaming TS profiles. Note that you can use a GPO to force a
>>>>>>> local profile.
>>>>>>>
>>>>>>> If users have local TS profiles, you should be OK now.
>>>>>>>
>>>>>>> --
>>>>>>> Vera Noest
>>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server
>>>>>>> http://hem.fyristorg.com/vera/IT
>>>>>>> --- please respond in newsgroup, NOT by private email ---
>>>>>>>
>>>>>>> <NoSpamZtheitman@nospamZolsbuff.com> wrote on 15 mar 2005
>>>>>>> in microsoft.public.windowsnt.terminalserver.misc:
>>>>>>>
>>>>>>>> -
>>>>>>>> Yes there is a Trust (I think by default) AD does this.
>>>>>>>> Wow had to add the Everyone group and then add the Domains
>>>>>>>> to the groups of users.
>>>>>>>> It's working now. Thanks for the help.
>>>>>>>>
>>>>>>>> Here is an easy one I'm sure,
>>>>>>>> I logged on to the Terminal Server as a user named
>>>>>>>> "LikeThis" setup all the programs and Desk Top, then setup
>>>>>>>> all the option the way I need them in MS Word and Excel.
>>>>>>>> So the user profile for the user "LikeThis" is perfect. No
>>>>>>>> I want Everyone that logs onto the terminal server to get
>>>>>>>> this as the profile for their Terminal Server session. I
>>>>>>>> think I copy the user profile "LikeThis" over the top on
>>>>>>>> the Local Right click on My Computer, System Properties,
>>>>>>>> Advanced, User Profiles,Select the user profile
>>>>>>>> "LikeThis",then click on Copy To, and Brows to the %system
>>>>>>>> root%Documents and settings/Default User folder, then
>>>>>>>> click on OK. I am guessing that this will cause ANY user
>>>>>>>> that log onto this Terminal Server to have the Setting I
>>>>>>>> created for Word, Excel (the Macro Security settings, set
>>>>>>>> to Low etc.) am I correct? Do I have all the correct
>>>>>>>> steps?
>>>>>>>>
>>>>>>>> This is Windows Server 2003 running as Terminal Server.
>>>>>>>>
>>>>>>>> The reason I am NOT sure is because the Help file I found
>>>>>>>> made me think that these steps will change more than the
>>>>>>>> users profile on this Terminal Server. Sounded almost like
>>>>>>>> I was changing AL the User in the Domain. I ONLY want to
>>>>>>>> control the user profile on this ONE Terminal Server.
>>>>>>>>
>>>>>>>> Thanks in advance !!!
>>>>>>>> Terry
>>>>>>>>
>>>>>>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>
>>>>>>>> wrote in message
>>>>>>>> news:Xns9618ED717C2E3veranoesthemutforsse@207.46.248.16...
>>>>>>>>> Is there a trust relationship between these 2 domains?
>>>>>>>>> You have to make the \\domain2\username a member of the
>>>>>>>>> local built-in group "Remote Desktop Users" on the
>>>>>>>>> Terminal Server in domain1.
>>>>>>>>>
>>>>>>>>> If the Terminal Server is also a Domain Controller in
>>>>>>>>> domain 1 (which is *not* recommmended!), then you have to
>>>>>>>>> give this user Log On Locally rights on the server (in
>>>>>>>>> the default Domain Controller Security Policy).
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Vera Noest
>>>>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server
>>>>>>>>> http://hem.fyristorg.com/vera/IT
>>>>>>>>> --- please respond in newsgroup, NOT by private email ---
>>>>>>>>>
>>>>>>>>> "theitman" <nospam@olsbuff.com> wrote on 13 mar 2005 in
>>>>>>>>> microsoft.public.windowsnt.terminalserver.misc:
>>>>>>>>>
>>>>>>>>>> -
>>>>>>>>>> Hello everyone,
>>>>>>>>>> Windows 2003 setup with Terminal Server
>>>>>>>>>> Everything works as expected when I login with a user
>>>>>>>>>> account from my local Domain (domain1) however, when I
>>>>>>>>>> tried to logon to the Terminal Server with an account
>>>>>>>>>> form one of our other doamain (domain2) I get the
>>>>>>>>>> following error and can not logon. The local policy of
>>>>>>>>>> this system does not permit you to logon interactively.
>>>>>>>>>> Then I am disconnected. Any step by step help will be
>>>>>>>>>> very helpful (This is the first Terminal Server I am
>>>>>>>>>> tring to setup) As Always, Thank You in advance, Terry
Anonymous
March 21, 2005 5:43:15 PM

Archived from groups: microsoft.public.windowsnt.terminalserver.misc (More info?)

Yes, I would add Everyone here, to be sure that you don't get
permission problems.

--
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
http://hem.fyristorg.com/vera/IT
--- please respond in newsgroup, NOT by private email ---

<NoSpamZtheitman@nospamZolsbuff.com> wrote on 21 mar 2005 in
microsoft.public.windowsnt.terminalserver.misc:

> -
> Vera,
> Well, your correct :( 
> Ok I reinstall a fresh copy and I am back to my starting point.
>
> I still have one question:
> After the "copy to" do I need to click on the [Change ] button
> a enter "everyone"
>
> Thanks,
> Terry
>
>
> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote
> in message
> news:Xns961FA1954A162veranoesthemutforsse@207.46.248.16...
>> You can re-create the shortcuts manually or re-install
>> completely. Which method is faster depends on how many
>> shortcuts and settings you have to configure manually, and how
>> well you documented your system.
>>
>> I'm afraid that you have just learned the hard way that you
>> always need a backup before making major changes, preferably a
>> total system backup.
>> When modifying the Default User profile (or anything else for
>> that matter), first copy the existing folder to another folder
>> before you overwrite it. Delete the original only when you are
>> 100% sure that your modifications are OK.
>>
>> --
>> Vera Noest
>> MCSE, CCEA, Microsoft MVP - Terminal Server
>> http://hem.fyristorg.com/vera/IT
>> --- please respond in newsgroup, NOT by private email ---
>>
>> <NoSpamZtheitman@nospamZolsbuff.com> wrote on 20 mar 2005 in
>> microsoft.public.windowsnt.terminalserver.misc:
>>
>>> -
>>> Hi Vera,
>>>
>>> I know what I did wrong, I copied a Domain user profile over
>>> the Default User :( 
>>> Now I need to re-create the Default User profile or maybe try
>>> a repair or Windows 2003 (is there anything you can think of)?
>>> Maybe I have to Re-Install Windows 2003 ?
>>> Whatever I need to do I need to do it today (Sunday)
>>> Any suggestions on re-creating the Default User profile?
>>> Right now No account including the local Administrator have
>>> all the programs I installed and the programs are all missing
>>> fro Start, Programs 995 of the programs are NOT listed here
>>> any longer.
>>>
>>> Any suggestions?
>>> Thanks, Terry
>>>
>>>
>>>
>>> "theitman" <nospam@olsbuff.com> wrote in message
>>> news:o ZijLVOLFHA.1884@TK2MSFTNGP15.phx.gbl...
>>>> -
>>>> Hi Vera,
>>>>
>>>> I copied the Profile I setup "LikeThis" I did NOT click on
>>>> the [Change] option mentioned below.
>>>> No I have a problem. All the users that logon get a very
>>>> limited profile. It is picking up the mapped drives OK from
>>>> there Login script on the DC (This is GOOD and I want this to
>>>> happen) However, there desktop ONLY shows the icon for out
>>>> (for Office 2002 installed on this Terminal Server
>>>> api-tserver)
>>>> None of the setting I set in the "LikeThis" profile are
>>>> there. If I brows to MS Word (Program Files, Microsoft
>>>> Office, ...) and click on
>>>> Winword.exe Word will start but i get errors.
>>>> So,
>>>> How do I fix this so the users all get the proper setting
>>>> from the Default User when they login to this Terminal Server
>>>> ?
>>>>
>>>> Can you Please email me directly (I have to fix this ASAP)
>>>> my email address is: theitman at olsbuff.com
>>>>
>>>> Thanks a lot for the help Vera !!!
>>>>
>>>> Terry
>>>>
>>>>
>>>>
>>>> "theitman" <nospam@olsbuff.com> wrote in message
>>>> news:%23oW3aOLLFHA.732@TK2MSFTNGP12.phx.gbl...
>>>>> -
>>>>> Hi Vera,
>>>>>
>>>>> I am new to all this :) 
>>>>> Here is what I did so far I got so far:
>>>>>
>>>>> On the DC (APIDC1 located in api.armlink.com)
>>>>> Followed the steps under Method 1 in 260370 (link you
>>>>> provided) Created the OU on the DC computer (DC computer
>>>>> here is APIDC1) steps 1 - 9 OK
>>>>> Created a Terminal Server Group Policy object , steps 1 - 5
>>>>> OK OU and Group Police named after the computer
>>>>> (API-Tserver) as mentioned in the article.
>>>>>
>>>>> On the Terminal Server (API-Tserver)
>>>>> The Terminal Server Name is API-Tserver (Windows Server
>>>>> 2003 is a stand alone)
>>>>> I the steps you mentioned below on the Terminal Server.
>>>>> I did this already:
>>>>> created a Default User profile with all the setting I
>>>>> want.
>>>>> Now when I copy the User Profile (LikeThis) onto the
>>>>> Default User
>>>>> Profile (folder)
>>>>> Do I also want to click on the Change button (located
>>>>> on this page
>>>>> [Users or Built-in Groups] )
>>>>> and enter "Everyone" ? The following is already
>>>>> listing the
>>>>> following on this Permit to use [ Change ] page
>>>>> From this location [Armlink.com] this is our domain
>>>>> So do I need to add the everyone group in the Enter the
>>>>> object name to
>>>>> select [ ] here?
>>>>>
>>>>>
>>>>> Do I need to install something so I can work with Users and
>>>>> Computers on this 2003 server (if I do where do I get the
>>>>> program)?
>>>>>
>>>>> Thanks so much Vera,
>>>>> I need baby steps :-)
>>>>> Terry
>>>>>
>>>>>
>>>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>
>>>>> wrote in message
>>>>> news:Xns961DEA27B54D2veranoesthemutforsse@207.46.248.16...
>>>>>> Create the Default User profile on the TS as you described
>>>>>> earlier If you want to force the users to use a local
>>>>>> profile on the TS, create a Group Policy (in Active
>>>>>> Directory Users and Computers), link it to the
>>>>>> Organizational Unit that contains your Terminal Server, and
>>>>>> enable the following setting:
>>>>>>
>>>>>> Computer Configuration - Administrative templates - System
>>>>>> - User profiles
>>>>>> "Only allow local user profiles"
>>>>>>
>>>>>> 260370 - How to Apply Group Policy Objects to Terminal
>>>>>> Services Servers
>>>>>> http://support.microsoft.com/?kbid=260370
>>>>>>
>>>>>> --
>>>>>> Vera Noest
>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server
>>>>>> http://hem.fyristorg.com/vera/IT
>>>>>> --- please respond in newsgroup, NOT by private email ---
>>>>>>
>>>>>> "theitman" <nospam@olsbuff.com> wrote on 17 mar 2005 in
>>>>>> microsoft.public.windowsnt.terminalserver.misc:
>>>>>>
>>>>>>> -
>>>>>>> Hi Vera,
>>>>>>>
>>>>>>> Is it better to use Group Policies for this task (So
>>>>>>> everyone that loges onto the Terminal Server gets the same
>>>>>>> desktop and program settings)? I'm interested in Group
>>>>>>> Policies for this task, however, I have never use GP and I
>>>>>>> don't know where to start. If it's not to involved can you
>>>>>>> give me the step need to accomplish the above.
>>>>>>>
>>>>>>> Thanks in Advance,
>>>>>>> Terry
>>>>>>>
>>>>>>> PS: as long as you may be helping me do one GP is the
>>>>>>> there an easy way to Turn OFF the Win XP Firewall on all
>>>>>>> the XP machines in one site in the AD?
>>>>>>>
>>>>>>> Again Thanks so much for the help.
>>>>>>>
>>>>>>> Terry
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>
>>>>>>> wrote in message
>>>>>>> news:Xns961AEBD31CFEBveranoesthemutforsse@207.46.248.16...
>>>>>>>> That sounds correct. Every user that connects to this TS
>>>>>>>> and *who has not yet an existing roaming TS-specific
>>>>>>>> profile*, will receive a copy of the Default User profile
>>>>>>>> that you created.
>>>>>>>>
>>>>>>>> If users have existing roaming TS profiles, they will
>>>>>>>> *not* receive a copy of the Default User profile. You can
>>>>>>>> force them to get one by deleteing theit existing roaming
>>>>>>>> TS profile, but then they will also use this Ts profile
>>>>>>>> on all other TS they connect to. So if this profile
>>>>>>>> should be unique to this TS, make sure that users do
>>>>>>>> *not* have roaming TS profiles. Note that you can use a
>>>>>>>> GPO to force a local profile.
>>>>>>>>
>>>>>>>> If users have local TS profiles, you should be OK now.
>>>>>>>>
>>>>>>>> --
>>>>>>>> Vera Noest
>>>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server
>>>>>>>> http://hem.fyristorg.com/vera/IT
>>>>>>>> --- please respond in newsgroup, NOT by private email ---
>>>>>>>>
>>>>>>>> <NoSpamZtheitman@nospamZolsbuff.com> wrote on 15 mar 2005
>>>>>>>> in microsoft.public.windowsnt.terminalserver.misc:
>>>>>>>>
>>>>>>>>> -
>>>>>>>>> Yes there is a Trust (I think by default) AD does this.
>>>>>>>>> Wow had to add the Everyone group and then add the
>>>>>>>>> Domains to the groups of users.
>>>>>>>>> It's working now. Thanks for the help.
>>>>>>>>>
>>>>>>>>> Here is an easy one I'm sure,
>>>>>>>>> I logged on to the Terminal Server as a user named
>>>>>>>>> "LikeThis" setup all the programs and Desk Top, then
>>>>>>>>> setup all the option the way I need them in MS Word and
>>>>>>>>> Excel. So the user profile for the user "LikeThis" is
>>>>>>>>> perfect. No I want Everyone that logs onto the terminal
>>>>>>>>> server to get this as the profile for their Terminal
>>>>>>>>> Server session. I think I copy the user profile
>>>>>>>>> "LikeThis" over the top on the Local Right click on My
>>>>>>>>> Computer, System Properties, Advanced, User
>>>>>>>>> Profiles,Select the user profile "LikeThis",then click
>>>>>>>>> on Copy To, and Brows to the %system root%Documents and
>>>>>>>>> settings/Default User folder, then click on OK. I am
>>>>>>>>> guessing that this will cause ANY user that log onto
>>>>>>>>> this Terminal Server to have the Setting I created for
>>>>>>>>> Word, Excel (the Macro Security settings, set
>>>>>>>>> to Low etc.) am I correct? Do I have all the correct
>>>>>>>>> steps?
>>>>>>>>>
>>>>>>>>> This is Windows Server 2003 running as Terminal Server.
>>>>>>>>>
>>>>>>>>> The reason I am NOT sure is because the Help file I
>>>>>>>>> found made me think that these steps will change more
>>>>>>>>> than the users profile on this Terminal Server. Sounded
>>>>>>>>> almost like I was changing AL the User in the Domain. I
>>>>>>>>> ONLY want to control the user profile on this ONE
>>>>>>>>> Terminal Server.
>>>>>>>>>
>>>>>>>>> Thanks in advance !!!
>>>>>>>>> Terry
>>>>>>>>>
>>>>>>>>> "Vera Noest [MVP]"
>>>>>>>>> <vera.noest@remove-this.hem.utfors.se> wrote in message
>>>>>>>>> news:Xns9618ED717C2E3veranoesthemutforsse@207.46.248.16..
>>>>>>>>> .
>>>>>>>>>> Is there a trust relationship between these 2 domains?
>>>>>>>>>> You have to make the \\domain2\username a member of the
>>>>>>>>>> local built-in group "Remote Desktop Users" on the
>>>>>>>>>> Terminal Server in domain1.
>>>>>>>>>>
>>>>>>>>>> If the Terminal Server is also a Domain Controller in
>>>>>>>>>> domain 1 (which is *not* recommmended!), then you have
>>>>>>>>>> to give this user Log On Locally rights on the server
>>>>>>>>>> (in the default Domain Controller Security Policy).
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Vera Noest
>>>>>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server
>>>>>>>>>> http://hem.fyristorg.com/vera/IT
>>>>>>>>>> --- please respond in newsgroup, NOT by private email
>>>>>>>>>> ---
>>>>>>>>>>
>>>>>>>>>> "theitman" <nospam@olsbuff.com> wrote on 13 mar 2005 in
>>>>>>>>>> microsoft.public.windowsnt.terminalserver.misc:
>>>>>>>>>>
>>>>>>>>>>> -
>>>>>>>>>>> Hello everyone,
>>>>>>>>>>> Windows 2003 setup with Terminal Server
>>>>>>>>>>> Everything works as expected when I login with a user
>>>>>>>>>>> account from my local Domain (domain1) however, when I
>>>>>>>>>>> tried to logon to the Terminal Server with an account
>>>>>>>>>>> form one of our other doamain (domain2) I get the
>>>>>>>>>>> following error and can not logon. The local policy of
>>>>>>>>>>> this system does not permit you to logon
>>>>>>>>>>> interactively. Then I am disconnected. Any step by
>>>>>>>>>>> step help will be very helpful (This is the first
>>>>>>>>>>> Terminal Server I am tring to setup) As Always, Thank
>>>>>>>>>>> You in advance, Terry
!