Terminal Server in AD

Archived from groups: microsoft.public.windowsnt.terminalserver.misc (More info?)

-
Hello everyone,
Windows 2003 setup with Terminal Server
Everything works as expected when I login with a user account from my local
Domain (domain1) however, when I tried to logon to the Terminal Server with
an account form one of our other doamain (domain2) I get the following error
and can not logon.
The local policy of this system does not permit you to logon interactively.
Then I am disconnected.
Any step by step help will be very helpful (This is the first Terminal
Server I am tring to setup)
As Always, Thank You in advance, Terry
11 answers Last reply
More about terminal server
  1. Archived from groups: microsoft.public.windowsnt.terminalserver.misc (More info?)

    Is there a trust relationship between these 2 domains?
    You have to make the \\domain2\username a member of the local
    built-in group "Remote Desktop Users" on the Terminal Server in
    domain1.

    If the Terminal Server is also a Domain Controller in domain 1
    (which is *not* recommmended!), then you have to give this user Log
    On Locally rights on the server (in the default Domain Controller
    Security Policy).

    --
    Vera Noest
    MCSE, CCEA, Microsoft MVP - Terminal Server
    http://hem.fyristorg.com/vera/IT
    --- please respond in newsgroup, NOT by private email ---

    "theitman" <nospam@olsbuff.com> wrote on 13 mar 2005 in
    microsoft.public.windowsnt.terminalserver.misc:

    > -
    > Hello everyone,
    > Windows 2003 setup with Terminal Server
    > Everything works as expected when I login with a user account
    > from my local Domain (domain1) however, when I tried to logon to
    > the Terminal Server with an account form one of our other
    > doamain (domain2) I get the following error and can not logon.
    > The local policy of this system does not permit you to logon
    > interactively. Then I am disconnected.
    > Any step by step help will be very helpful (This is the first
    > Terminal Server I am tring to setup)
    > As Always, Thank You in advance, Terry
  2. Archived from groups: microsoft.public.windowsnt.terminalserver.misc (More info?)

    -
    Yes there is a Trust (I think by default) AD does this.
    Wow had to add the Everyone group and then add the Domains to the groups of
    users.
    It's working now. Thanks for the help.

    Here is an easy one I'm sure,
    I logged on to the Terminal Server as a user named "LikeThis" setup all the
    programs and Desk Top, then setup all the option the way I need them in MS
    Word and Excel. So the user profile for the user "LikeThis" is perfect.
    No I want Everyone that logs onto the terminal server to get this as the
    profile for their Terminal Server session.
    I think I copy the user profile "LikeThis" over the top on the Local
    Right click on My Computer, System Properties, Advanced, User
    Profiles,Select the user profile "LikeThis",then click on Copy To, and Brows
    to the %system root%Documents and settings/Default User folder, then click
    on OK.
    I am guessing that this will cause ANY user that log onto this Terminal
    Server to have the Setting I created for Word, Excel (the Macro Security
    settings, set to Low etc.) am I correct?
    Do I have all the correct steps?

    This is Windows Server 2003 running as Terminal Server.

    The reason I am NOT sure is because the Help file I found made me think that
    these steps will change more than the users profile on this Terminal Server.
    Sounded almost like I was changing AL the User in the Domain. I ONLY want
    to control the user profile on this ONE Terminal Server.

    Thanks in advance !!!
    Terry

    "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote in message
    news:Xns9618ED717C2E3veranoesthemutforsse@207.46.248.16...
    > Is there a trust relationship between these 2 domains?
    > You have to make the \\domain2\username a member of the local
    > built-in group "Remote Desktop Users" on the Terminal Server in
    > domain1.
    >
    > If the Terminal Server is also a Domain Controller in domain 1
    > (which is *not* recommmended!), then you have to give this user Log
    > On Locally rights on the server (in the default Domain Controller
    > Security Policy).
    >
    > --
    > Vera Noest
    > MCSE, CCEA, Microsoft MVP - Terminal Server
    > http://hem.fyristorg.com/vera/IT
    > --- please respond in newsgroup, NOT by private email ---
    >
    > "theitman" <nospam@olsbuff.com> wrote on 13 mar 2005 in
    > microsoft.public.windowsnt.terminalserver.misc:
    >
    >> -
    >> Hello everyone,
    >> Windows 2003 setup with Terminal Server
    >> Everything works as expected when I login with a user account
    >> from my local Domain (domain1) however, when I tried to logon to
    >> the Terminal Server with an account form one of our other
    >> doamain (domain2) I get the following error and can not logon.
    >> The local policy of this system does not permit you to logon
    >> interactively. Then I am disconnected.
    >> Any step by step help will be very helpful (This is the first
    >> Terminal Server I am tring to setup)
    >> As Always, Thank You in advance, Terry
  3. Archived from groups: microsoft.public.windowsnt.terminalserver.misc (More info?)

    That sounds correct. Every user that connects to this TS and *who
    has not yet an existing roaming TS-specific profile*, will receive
    a copy of the Default User profile that you created.

    If users have existing roaming TS profiles, they will *not* receive
    a copy of the Default User profile. You can force them to get one
    by deleteing theit existing roaming TS profile, but then they will
    also use this Ts profile on all other TS they connect to.
    So if this profile should be unique to this TS, make sure that
    users do *not* have roaming TS profiles. Note that you can use a
    GPO to force a local profile.

    If users have local TS profiles, you should be OK now.

    --
    Vera Noest
    MCSE, CCEA, Microsoft MVP - Terminal Server
    http://hem.fyristorg.com/vera/IT
    --- please respond in newsgroup, NOT by private email ---

    <NoSpamZtheitman@nospamZolsbuff.com> wrote on 15 mar 2005 in
    microsoft.public.windowsnt.terminalserver.misc:

    > -
    > Yes there is a Trust (I think by default) AD does this.
    > Wow had to add the Everyone group and then add the Domains to
    > the groups of users.
    > It's working now. Thanks for the help.
    >
    > Here is an easy one I'm sure,
    > I logged on to the Terminal Server as a user named "LikeThis"
    > setup all the programs and Desk Top, then setup all the option
    > the way I need them in MS Word and Excel. So the user profile
    > for the user "LikeThis" is perfect. No I want Everyone that logs
    > onto the terminal server to get this as the profile for their
    > Terminal Server session. I think I copy the user profile
    > "LikeThis" over the top on the Local Right click on My Computer,
    > System Properties, Advanced, User Profiles,Select the user
    > profile "LikeThis",then click on Copy To, and Brows to the
    > %system root%Documents and settings/Default User folder, then
    > click on OK.
    > I am guessing that this will cause ANY user that log onto this
    > Terminal Server to have the Setting I created for Word, Excel
    > (the Macro Security settings, set to Low etc.) am I correct?
    > Do I have all the correct steps?
    >
    > This is Windows Server 2003 running as Terminal Server.
    >
    > The reason I am NOT sure is because the Help file I found made
    > me think that these steps will change more than the users
    > profile on this Terminal Server. Sounded almost like I was
    > changing AL the User in the Domain. I ONLY want to control the
    > user profile on this ONE Terminal Server.
    >
    > Thanks in advance !!!
    > Terry
    >
    > "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote
    > in message
    > news:Xns9618ED717C2E3veranoesthemutforsse@207.46.248.16...
    >> Is there a trust relationship between these 2 domains?
    >> You have to make the \\domain2\username a member of the local
    >> built-in group "Remote Desktop Users" on the Terminal Server in
    >> domain1.
    >>
    >> If the Terminal Server is also a Domain Controller in domain 1
    >> (which is *not* recommmended!), then you have to give this user
    >> Log On Locally rights on the server (in the default Domain
    >> Controller Security Policy).
    >>
    >> --
    >> Vera Noest
    >> MCSE, CCEA, Microsoft MVP - Terminal Server
    >> http://hem.fyristorg.com/vera/IT
    >> --- please respond in newsgroup, NOT by private email ---
    >>
    >> "theitman" <nospam@olsbuff.com> wrote on 13 mar 2005 in
    >> microsoft.public.windowsnt.terminalserver.misc:
    >>
    >>> -
    >>> Hello everyone,
    >>> Windows 2003 setup with Terminal Server
    >>> Everything works as expected when I login with a user account
    >>> from my local Domain (domain1) however, when I tried to logon
    >>> to the Terminal Server with an account form one of our other
    >>> doamain (domain2) I get the following error and can not logon.
    >>> The local policy of this system does not permit you to logon
    >>> interactively. Then I am disconnected.
    >>> Any step by step help will be very helpful (This is the first
    >>> Terminal Server I am tring to setup)
    >>> As Always, Thank You in advance, Terry
  4. Archived from groups: microsoft.public.windowsnt.terminalserver.misc (More info?)

    -
    Hi Vera,

    Is it better to use Group Policies for this task (So everyone that loges
    onto the Terminal Server gets the same desktop and program settings)?
    I'm interested in Group Policies for this task, however, I have never use GP
    and I don't know where to start.
    If it's not to involved can you give me the step need to accomplish the
    above.

    Thanks in Advance,
    Terry

    PS: as long as you may be helping me do one GP is the there an easy way to
    Turn OFF the Win XP Firewall on all the XP machines in one site in the AD?

    Again Thanks so much for the help.

    Terry


    "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote in message
    news:Xns961AEBD31CFEBveranoesthemutforsse@207.46.248.16...
    > That sounds correct. Every user that connects to this TS and *who
    > has not yet an existing roaming TS-specific profile*, will receive
    > a copy of the Default User profile that you created.
    >
    > If users have existing roaming TS profiles, they will *not* receive
    > a copy of the Default User profile. You can force them to get one
    > by deleteing theit existing roaming TS profile, but then they will
    > also use this Ts profile on all other TS they connect to.
    > So if this profile should be unique to this TS, make sure that
    > users do *not* have roaming TS profiles. Note that you can use a
    > GPO to force a local profile.
    >
    > If users have local TS profiles, you should be OK now.
    >
    > --
    > Vera Noest
    > MCSE, CCEA, Microsoft MVP - Terminal Server
    > http://hem.fyristorg.com/vera/IT
    > --- please respond in newsgroup, NOT by private email ---
    >
    > <NoSpamZtheitman@nospamZolsbuff.com> wrote on 15 mar 2005 in
    > microsoft.public.windowsnt.terminalserver.misc:
    >
    >> -
    >> Yes there is a Trust (I think by default) AD does this.
    >> Wow had to add the Everyone group and then add the Domains to
    >> the groups of users.
    >> It's working now. Thanks for the help.
    >>
    >> Here is an easy one I'm sure,
    >> I logged on to the Terminal Server as a user named "LikeThis"
    >> setup all the programs and Desk Top, then setup all the option
    >> the way I need them in MS Word and Excel. So the user profile
    >> for the user "LikeThis" is perfect. No I want Everyone that logs
    >> onto the terminal server to get this as the profile for their
    >> Terminal Server session. I think I copy the user profile
    >> "LikeThis" over the top on the Local Right click on My Computer,
    >> System Properties, Advanced, User Profiles,Select the user
    >> profile "LikeThis",then click on Copy To, and Brows to the
    >> %system root%Documents and settings/Default User folder, then
    >> click on OK.
    >> I am guessing that this will cause ANY user that log onto this
    >> Terminal Server to have the Setting I created for Word, Excel
    >> (the Macro Security settings, set to Low etc.) am I correct?
    >> Do I have all the correct steps?
    >>
    >> This is Windows Server 2003 running as Terminal Server.
    >>
    >> The reason I am NOT sure is because the Help file I found made
    >> me think that these steps will change more than the users
    >> profile on this Terminal Server. Sounded almost like I was
    >> changing AL the User in the Domain. I ONLY want to control the
    >> user profile on this ONE Terminal Server.
    >>
    >> Thanks in advance !!!
    >> Terry
    >>
    >> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote
    >> in message
    >> news:Xns9618ED717C2E3veranoesthemutforsse@207.46.248.16...
    >>> Is there a trust relationship between these 2 domains?
    >>> You have to make the \\domain2\username a member of the local
    >>> built-in group "Remote Desktop Users" on the Terminal Server in
    >>> domain1.
    >>>
    >>> If the Terminal Server is also a Domain Controller in domain 1
    >>> (which is *not* recommmended!), then you have to give this user
    >>> Log On Locally rights on the server (in the default Domain
    >>> Controller Security Policy).
    >>>
    >>> --
    >>> Vera Noest
    >>> MCSE, CCEA, Microsoft MVP - Terminal Server
    >>> http://hem.fyristorg.com/vera/IT
    >>> --- please respond in newsgroup, NOT by private email ---
    >>>
    >>> "theitman" <nospam@olsbuff.com> wrote on 13 mar 2005 in
    >>> microsoft.public.windowsnt.terminalserver.misc:
    >>>
    >>>> -
    >>>> Hello everyone,
    >>>> Windows 2003 setup with Terminal Server
    >>>> Everything works as expected when I login with a user account
    >>>> from my local Domain (domain1) however, when I tried to logon
    >>>> to the Terminal Server with an account form one of our other
    >>>> doamain (domain2) I get the following error and can not logon.
    >>>> The local policy of this system does not permit you to logon
    >>>> interactively. Then I am disconnected.
    >>>> Any step by step help will be very helpful (This is the first
    >>>> Terminal Server I am tring to setup)
    >>>> As Always, Thank You in advance, Terry
  5. Archived from groups: microsoft.public.windowsnt.terminalserver.misc (More info?)

    Create the Default User profile on the TS as you described earlier
    If you want to force the users to use a local profile on the TS,
    create a Group Policy (in Active Directory Users and Computers),
    link it to the Organizational Unit that contains your Terminal
    Server, and enable the following setting:

    Computer Configuration - Administrative templates - System - User
    profiles
    "Only allow local user profiles"

    260370 - How to Apply Group Policy Objects to Terminal Services
    Servers
    http://support.microsoft.com/?kbid=260370

    --
    Vera Noest
    MCSE, CCEA, Microsoft MVP - Terminal Server
    http://hem.fyristorg.com/vera/IT
    --- please respond in newsgroup, NOT by private email ---

    "theitman" <nospam@olsbuff.com> wrote on 17 mar 2005 in
    microsoft.public.windowsnt.terminalserver.misc:

    > -
    > Hi Vera,
    >
    > Is it better to use Group Policies for this task (So everyone
    > that loges onto the Terminal Server gets the same desktop and
    > program settings)? I'm interested in Group Policies for this
    > task, however, I have never use GP and I don't know where to
    > start. If it's not to involved can you give me the step need to
    > accomplish the above.
    >
    > Thanks in Advance,
    > Terry
    >
    > PS: as long as you may be helping me do one GP is the there an
    > easy way to Turn OFF the Win XP Firewall on all the XP machines
    > in one site in the AD?
    >
    > Again Thanks so much for the help.
    >
    > Terry
    >
    >
    >
    > "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote
    > in message
    > news:Xns961AEBD31CFEBveranoesthemutforsse@207.46.248.16...
    >> That sounds correct. Every user that connects to this TS and
    >> *who has not yet an existing roaming TS-specific profile*, will
    >> receive a copy of the Default User profile that you created.
    >>
    >> If users have existing roaming TS profiles, they will *not*
    >> receive a copy of the Default User profile. You can force them
    >> to get one by deleteing theit existing roaming TS profile, but
    >> then they will also use this Ts profile on all other TS they
    >> connect to. So if this profile should be unique to this TS,
    >> make sure that users do *not* have roaming TS profiles. Note
    >> that you can use a GPO to force a local profile.
    >>
    >> If users have local TS profiles, you should be OK now.
    >>
    >> --
    >> Vera Noest
    >> MCSE, CCEA, Microsoft MVP - Terminal Server
    >> http://hem.fyristorg.com/vera/IT
    >> --- please respond in newsgroup, NOT by private email ---
    >>
    >> <NoSpamZtheitman@nospamZolsbuff.com> wrote on 15 mar 2005 in
    >> microsoft.public.windowsnt.terminalserver.misc:
    >>
    >>> -
    >>> Yes there is a Trust (I think by default) AD does this.
    >>> Wow had to add the Everyone group and then add the Domains to
    >>> the groups of users.
    >>> It's working now. Thanks for the help.
    >>>
    >>> Here is an easy one I'm sure,
    >>> I logged on to the Terminal Server as a user named "LikeThis"
    >>> setup all the programs and Desk Top, then setup all the option
    >>> the way I need them in MS Word and Excel. So the user profile
    >>> for the user "LikeThis" is perfect. No I want Everyone that
    >>> logs onto the terminal server to get this as the profile for
    >>> their Terminal Server session. I think I copy the user profile
    >>> "LikeThis" over the top on the Local Right click on My
    >>> Computer, System Properties, Advanced, User Profiles,Select
    >>> the user profile "LikeThis",then click on Copy To, and Brows
    >>> to the %system root%Documents and settings/Default User
    >>> folder, then click on OK.
    >>> I am guessing that this will cause ANY user that log onto this
    >>> Terminal Server to have the Setting I created for Word, Excel
    >>> (the Macro Security settings, set to Low etc.) am I correct?
    >>> Do I have all the correct steps?
    >>>
    >>> This is Windows Server 2003 running as Terminal Server.
    >>>
    >>> The reason I am NOT sure is because the Help file I found made
    >>> me think that these steps will change more than the users
    >>> profile on this Terminal Server. Sounded almost like I was
    >>> changing AL the User in the Domain. I ONLY want to control
    >>> the user profile on this ONE Terminal Server.
    >>>
    >>> Thanks in advance !!!
    >>> Terry
    >>>
    >>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>
    >>> wrote in message
    >>> news:Xns9618ED717C2E3veranoesthemutforsse@207.46.248.16...
    >>>> Is there a trust relationship between these 2 domains?
    >>>> You have to make the \\domain2\username a member of the local
    >>>> built-in group "Remote Desktop Users" on the Terminal Server
    >>>> in domain1.
    >>>>
    >>>> If the Terminal Server is also a Domain Controller in domain
    >>>> 1 (which is *not* recommmended!), then you have to give this
    >>>> user Log On Locally rights on the server (in the default
    >>>> Domain Controller Security Policy).
    >>>>
    >>>> --
    >>>> Vera Noest
    >>>> MCSE, CCEA, Microsoft MVP - Terminal Server
    >>>> http://hem.fyristorg.com/vera/IT
    >>>> --- please respond in newsgroup, NOT by private email ---
    >>>>
    >>>> "theitman" <nospam@olsbuff.com> wrote on 13 mar 2005 in
    >>>> microsoft.public.windowsnt.terminalserver.misc:
    >>>>
    >>>>> -
    >>>>> Hello everyone,
    >>>>> Windows 2003 setup with Terminal Server
    >>>>> Everything works as expected when I login with a user
    >>>>> account from my local Domain (domain1) however, when I tried
    >>>>> to logon to the Terminal Server with an account form one of
    >>>>> our other doamain (domain2) I get the following error and
    >>>>> can not logon. The local policy of this system does not
    >>>>> permit you to logon interactively. Then I am disconnected.
    >>>>> Any step by step help will be very helpful (This is the
    >>>>> first Terminal Server I am tring to setup)
    >>>>> As Always, Thank You in advance, Terry
  6. Archived from groups: microsoft.public.windowsnt.terminalserver.misc (More info?)

    -
    Hi Vera,

    I am new to all this :)
    Here is what I did so far I got so far:

    On the DC (APIDC1 located in api.armlink.com)
    Followed the steps under Method 1 in 260370 (link you provided)
    Created the OU on the DC computer (DC computer here is APIDC1) steps 1 - 9
    OK
    Created a Terminal Server Group Policy object , steps 1 - 5 OK
    OU and Group Police named after the computer (API-Tserver) as mentioned in
    the article.

    On the Terminal Server (API-Tserver)
    The Terminal Server Name is API-Tserver (Windows Server 2003 is a stand
    alone)
    I the steps you mentioned below on the Terminal Server.
    I did this already:
    created a Default User profile with all the setting I want.
    Now when I copy the User Profile (LikeThis) onto the Default User Profile
    (folder)
    Do I also want to click on the Change button (located on this page
    [Users or Built-in Groups] )
    and enter "Everyone" ? The following is already listing the
    following on this Permit to use [ Change ] page
    From this location [Armlink.com] this is our domain
    So do I need to add the everyone group in the Enter the object name to
    select [ ] here?


    Do I need to install something so I can work with Users and Computers on
    this 2003 server (if I do where do I get the program)?

    Thanks so much Vera,
    I need baby steps :-)
    Terry


    "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote in message
    news:Xns961DEA27B54D2veranoesthemutforsse@207.46.248.16...
    > Create the Default User profile on the TS as you described earlier
    > If you want to force the users to use a local profile on the TS,
    > create a Group Policy (in Active Directory Users and Computers),
    > link it to the Organizational Unit that contains your Terminal
    > Server, and enable the following setting:
    >
    > Computer Configuration - Administrative templates - System - User
    > profiles
    > "Only allow local user profiles"
    >
    > 260370 - How to Apply Group Policy Objects to Terminal Services
    > Servers
    > http://support.microsoft.com/?kbid=260370
    >
    > --
    > Vera Noest
    > MCSE, CCEA, Microsoft MVP - Terminal Server
    > http://hem.fyristorg.com/vera/IT
    > --- please respond in newsgroup, NOT by private email ---
    >
    > "theitman" <nospam@olsbuff.com> wrote on 17 mar 2005 in
    > microsoft.public.windowsnt.terminalserver.misc:
    >
    >> -
    >> Hi Vera,
    >>
    >> Is it better to use Group Policies for this task (So everyone
    >> that loges onto the Terminal Server gets the same desktop and
    >> program settings)? I'm interested in Group Policies for this
    >> task, however, I have never use GP and I don't know where to
    >> start. If it's not to involved can you give me the step need to
    >> accomplish the above.
    >>
    >> Thanks in Advance,
    >> Terry
    >>
    >> PS: as long as you may be helping me do one GP is the there an
    >> easy way to Turn OFF the Win XP Firewall on all the XP machines
    >> in one site in the AD?
    >>
    >> Again Thanks so much for the help.
    >>
    >> Terry
    >>
    >>
    >>
    >> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote
    >> in message
    >> news:Xns961AEBD31CFEBveranoesthemutforsse@207.46.248.16...
    >>> That sounds correct. Every user that connects to this TS and
    >>> *who has not yet an existing roaming TS-specific profile*, will
    >>> receive a copy of the Default User profile that you created.
    >>>
    >>> If users have existing roaming TS profiles, they will *not*
    >>> receive a copy of the Default User profile. You can force them
    >>> to get one by deleteing theit existing roaming TS profile, but
    >>> then they will also use this Ts profile on all other TS they
    >>> connect to. So if this profile should be unique to this TS,
    >>> make sure that users do *not* have roaming TS profiles. Note
    >>> that you can use a GPO to force a local profile.
    >>>
    >>> If users have local TS profiles, you should be OK now.
    >>>
    >>> --
    >>> Vera Noest
    >>> MCSE, CCEA, Microsoft MVP - Terminal Server
    >>> http://hem.fyristorg.com/vera/IT
    >>> --- please respond in newsgroup, NOT by private email ---
    >>>
    >>> <NoSpamZtheitman@nospamZolsbuff.com> wrote on 15 mar 2005 in
    >>> microsoft.public.windowsnt.terminalserver.misc:
    >>>
    >>>> -
    >>>> Yes there is a Trust (I think by default) AD does this.
    >>>> Wow had to add the Everyone group and then add the Domains to
    >>>> the groups of users.
    >>>> It's working now. Thanks for the help.
    >>>>
    >>>> Here is an easy one I'm sure,
    >>>> I logged on to the Terminal Server as a user named "LikeThis"
    >>>> setup all the programs and Desk Top, then setup all the option
    >>>> the way I need them in MS Word and Excel. So the user profile
    >>>> for the user "LikeThis" is perfect. No I want Everyone that
    >>>> logs onto the terminal server to get this as the profile for
    >>>> their Terminal Server session. I think I copy the user profile
    >>>> "LikeThis" over the top on the Local Right click on My
    >>>> Computer, System Properties, Advanced, User Profiles,Select
    >>>> the user profile "LikeThis",then click on Copy To, and Brows
    >>>> to the %system root%Documents and settings/Default User
    >>>> folder, then click on OK.
    >>>> I am guessing that this will cause ANY user that log onto this
    >>>> Terminal Server to have the Setting I created for Word, Excel
    >>>> (the Macro Security settings, set to Low etc.) am I correct?
    >>>> Do I have all the correct steps?
    >>>>
    >>>> This is Windows Server 2003 running as Terminal Server.
    >>>>
    >>>> The reason I am NOT sure is because the Help file I found made
    >>>> me think that these steps will change more than the users
    >>>> profile on this Terminal Server. Sounded almost like I was
    >>>> changing AL the User in the Domain. I ONLY want to control
    >>>> the user profile on this ONE Terminal Server.
    >>>>
    >>>> Thanks in advance !!!
    >>>> Terry
    >>>>
    >>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>
    >>>> wrote in message
    >>>> news:Xns9618ED717C2E3veranoesthemutforsse@207.46.248.16...
    >>>>> Is there a trust relationship between these 2 domains?
    >>>>> You have to make the \\domain2\username a member of the local
    >>>>> built-in group "Remote Desktop Users" on the Terminal Server
    >>>>> in domain1.
    >>>>>
    >>>>> If the Terminal Server is also a Domain Controller in domain
    >>>>> 1 (which is *not* recommmended!), then you have to give this
    >>>>> user Log On Locally rights on the server (in the default
    >>>>> Domain Controller Security Policy).
    >>>>>
    >>>>> --
    >>>>> Vera Noest
    >>>>> MCSE, CCEA, Microsoft MVP - Terminal Server
    >>>>> http://hem.fyristorg.com/vera/IT
    >>>>> --- please respond in newsgroup, NOT by private email ---
    >>>>>
    >>>>> "theitman" <nospam@olsbuff.com> wrote on 13 mar 2005 in
    >>>>> microsoft.public.windowsnt.terminalserver.misc:
    >>>>>
    >>>>>> -
    >>>>>> Hello everyone,
    >>>>>> Windows 2003 setup with Terminal Server
    >>>>>> Everything works as expected when I login with a user
    >>>>>> account from my local Domain (domain1) however, when I tried
    >>>>>> to logon to the Terminal Server with an account form one of
    >>>>>> our other doamain (domain2) I get the following error and
    >>>>>> can not logon. The local policy of this system does not
    >>>>>> permit you to logon interactively. Then I am disconnected.
    >>>>>> Any step by step help will be very helpful (This is the
    >>>>>> first Terminal Server I am tring to setup)
    >>>>>> As Always, Thank You in advance, Terry
  7. Archived from groups: microsoft.public.windowsnt.terminalserver.misc (More info?)

    -
    Hi Vera,

    I copied the Profile I setup "LikeThis" I did NOT click on the [Change]
    option mentioned below.
    No I have a problem. All the users that logon get a very limited profile.
    It is picking up the mapped drives OK from there Login script on the DC
    (This is GOOD and I want this to happen)
    However, there desktop ONLY shows the icon for out (for Office 2002
    installed on this Terminal Server api-tserver)
    None of the setting I set in the "LikeThis" profile are there.
    If I brows to MS Word (Program Files, Microsoft Office, ...) and click on
    Winword.exe Word will start but i get errors.
    So,
    How do I fix this so the users all get the proper setting from the Default
    User when they login to this Terminal Server ?

    Can you Please email me directly (I have to fix this ASAP)
    my email address is: theitman at olsbuff.com

    Thanks a lot for the help Vera !!!

    Terry


    "theitman" <nospam@olsbuff.com> wrote in message
    news:%23oW3aOLLFHA.732@TK2MSFTNGP12.phx.gbl...
    > -
    > Hi Vera,
    >
    > I am new to all this :)
    > Here is what I did so far I got so far:
    >
    > On the DC (APIDC1 located in api.armlink.com)
    > Followed the steps under Method 1 in 260370 (link you provided)
    > Created the OU on the DC computer (DC computer here is APIDC1) steps 1 - 9
    > OK
    > Created a Terminal Server Group Policy object , steps 1 - 5 OK
    > OU and Group Police named after the computer (API-Tserver) as mentioned in
    > the article.
    >
    > On the Terminal Server (API-Tserver)
    > The Terminal Server Name is API-Tserver (Windows Server 2003 is a stand
    > alone)
    > I the steps you mentioned below on the Terminal Server.
    > I did this already:
    > created a Default User profile with all the setting I want.
    > Now when I copy the User Profile (LikeThis) onto the Default User Profile
    > (folder)
    > Do I also want to click on the Change button (located on this page
    > [Users or Built-in Groups] )
    > and enter "Everyone" ? The following is already listing the
    > following on this Permit to use [ Change ] page
    > From this location [Armlink.com] this is our domain
    > So do I need to add the everyone group in the Enter the object name to
    > select [ ] here?
    >
    >
    > Do I need to install something so I can work with Users and Computers on
    > this 2003 server (if I do where do I get the program)?
    >
    > Thanks so much Vera,
    > I need baby steps :-)
    > Terry
    >
    >
    > "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote in message
    > news:Xns961DEA27B54D2veranoesthemutforsse@207.46.248.16...
    >> Create the Default User profile on the TS as you described earlier
    >> If you want to force the users to use a local profile on the TS,
    >> create a Group Policy (in Active Directory Users and Computers),
    >> link it to the Organizational Unit that contains your Terminal
    >> Server, and enable the following setting:
    >>
    >> Computer Configuration - Administrative templates - System - User
    >> profiles
    >> "Only allow local user profiles"
    >>
    >> 260370 - How to Apply Group Policy Objects to Terminal Services
    >> Servers
    >> http://support.microsoft.com/?kbid=260370
    >>
    >> --
    >> Vera Noest
    >> MCSE, CCEA, Microsoft MVP - Terminal Server
    >> http://hem.fyristorg.com/vera/IT
    >> --- please respond in newsgroup, NOT by private email ---
    >>
    >> "theitman" <nospam@olsbuff.com> wrote on 17 mar 2005 in
    >> microsoft.public.windowsnt.terminalserver.misc:
    >>
    >>> -
    >>> Hi Vera,
    >>>
    >>> Is it better to use Group Policies for this task (So everyone
    >>> that loges onto the Terminal Server gets the same desktop and
    >>> program settings)? I'm interested in Group Policies for this
    >>> task, however, I have never use GP and I don't know where to
    >>> start. If it's not to involved can you give me the step need to
    >>> accomplish the above.
    >>>
    >>> Thanks in Advance,
    >>> Terry
    >>>
    >>> PS: as long as you may be helping me do one GP is the there an
    >>> easy way to Turn OFF the Win XP Firewall on all the XP machines
    >>> in one site in the AD?
    >>>
    >>> Again Thanks so much for the help.
    >>>
    >>> Terry
    >>>
    >>>
    >>>
    >>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote
    >>> in message
    >>> news:Xns961AEBD31CFEBveranoesthemutforsse@207.46.248.16...
    >>>> That sounds correct. Every user that connects to this TS and
    >>>> *who has not yet an existing roaming TS-specific profile*, will
    >>>> receive a copy of the Default User profile that you created.
    >>>>
    >>>> If users have existing roaming TS profiles, they will *not*
    >>>> receive a copy of the Default User profile. You can force them
    >>>> to get one by deleteing theit existing roaming TS profile, but
    >>>> then they will also use this Ts profile on all other TS they
    >>>> connect to. So if this profile should be unique to this TS,
    >>>> make sure that users do *not* have roaming TS profiles. Note
    >>>> that you can use a GPO to force a local profile.
    >>>>
    >>>> If users have local TS profiles, you should be OK now.
    >>>>
    >>>> --
    >>>> Vera Noest
    >>>> MCSE, CCEA, Microsoft MVP - Terminal Server
    >>>> http://hem.fyristorg.com/vera/IT
    >>>> --- please respond in newsgroup, NOT by private email ---
    >>>>
    >>>> <NoSpamZtheitman@nospamZolsbuff.com> wrote on 15 mar 2005 in
    >>>> microsoft.public.windowsnt.terminalserver.misc:
    >>>>
    >>>>> -
    >>>>> Yes there is a Trust (I think by default) AD does this.
    >>>>> Wow had to add the Everyone group and then add the Domains to
    >>>>> the groups of users.
    >>>>> It's working now. Thanks for the help.
    >>>>>
    >>>>> Here is an easy one I'm sure,
    >>>>> I logged on to the Terminal Server as a user named "LikeThis"
    >>>>> setup all the programs and Desk Top, then setup all the option
    >>>>> the way I need them in MS Word and Excel. So the user profile
    >>>>> for the user "LikeThis" is perfect. No I want Everyone that
    >>>>> logs onto the terminal server to get this as the profile for
    >>>>> their Terminal Server session. I think I copy the user profile
    >>>>> "LikeThis" over the top on the Local Right click on My
    >>>>> Computer, System Properties, Advanced, User Profiles,Select
    >>>>> the user profile "LikeThis",then click on Copy To, and Brows
    >>>>> to the %system root%Documents and settings/Default User
    >>>>> folder, then click on OK.
    >>>>> I am guessing that this will cause ANY user that log onto this
    >>>>> Terminal Server to have the Setting I created for Word, Excel
    >>>>> (the Macro Security settings, set to Low etc.) am I correct?
    >>>>> Do I have all the correct steps?
    >>>>>
    >>>>> This is Windows Server 2003 running as Terminal Server.
    >>>>>
    >>>>> The reason I am NOT sure is because the Help file I found made
    >>>>> me think that these steps will change more than the users
    >>>>> profile on this Terminal Server. Sounded almost like I was
    >>>>> changing AL the User in the Domain. I ONLY want to control
    >>>>> the user profile on this ONE Terminal Server.
    >>>>>
    >>>>> Thanks in advance !!!
    >>>>> Terry
    >>>>>
    >>>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>
    >>>>> wrote in message
    >>>>> news:Xns9618ED717C2E3veranoesthemutforsse@207.46.248.16...
    >>>>>> Is there a trust relationship between these 2 domains?
    >>>>>> You have to make the \\domain2\username a member of the local
    >>>>>> built-in group "Remote Desktop Users" on the Terminal Server
    >>>>>> in domain1.
    >>>>>>
    >>>>>> If the Terminal Server is also a Domain Controller in domain
    >>>>>> 1 (which is *not* recommmended!), then you have to give this
    >>>>>> user Log On Locally rights on the server (in the default
    >>>>>> Domain Controller Security Policy).
    >>>>>>
    >>>>>> --
    >>>>>> Vera Noest
    >>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server
    >>>>>> http://hem.fyristorg.com/vera/IT
    >>>>>> --- please respond in newsgroup, NOT by private email ---
    >>>>>>
    >>>>>> "theitman" <nospam@olsbuff.com> wrote on 13 mar 2005 in
    >>>>>> microsoft.public.windowsnt.terminalserver.misc:
    >>>>>>
    >>>>>>> -
    >>>>>>> Hello everyone,
    >>>>>>> Windows 2003 setup with Terminal Server
    >>>>>>> Everything works as expected when I login with a user
    >>>>>>> account from my local Domain (domain1) however, when I tried
    >>>>>>> to logon to the Terminal Server with an account form one of
    >>>>>>> our other doamain (domain2) I get the following error and
    >>>>>>> can not logon. The local policy of this system does not
    >>>>>>> permit you to logon interactively. Then I am disconnected.
    >>>>>>> Any step by step help will be very helpful (This is the
    >>>>>>> first Terminal Server I am tring to setup)
    >>>>>>> As Always, Thank You in advance, Terry
    >
    >
  8. Archived from groups: microsoft.public.windowsnt.terminalserver.misc (More info?)

    -
    Hi Vera,

    I know what I did wrong, I copied a Domain user profile over the Default
    User :(
    Now I need to re-create the Default User profile or maybe try a repair or
    Windows 2003 (is there anything you can think of)?
    Maybe I have to Re-Install Windows 2003 ?
    Whatever I need to do I need to do it today (Sunday)
    Any suggestions on re-creating the Default User profile?
    Right now No account including the local Administrator have all the programs
    I installed and the programs are all missing fro Start, Programs 995 of the
    programs are NOT listed here any longer.

    Any suggestions?
    Thanks, Terry


    "theitman" <nospam@olsbuff.com> wrote in message
    news:OZijLVOLFHA.1884@TK2MSFTNGP15.phx.gbl...
    > -
    > Hi Vera,
    >
    > I copied the Profile I setup "LikeThis" I did NOT click on the [Change]
    > option mentioned below.
    > No I have a problem. All the users that logon get a very limited profile.
    > It is picking up the mapped drives OK from there Login script on the DC
    > (This is GOOD and I want this to happen)
    > However, there desktop ONLY shows the icon for out (for Office 2002
    > installed on this Terminal Server api-tserver)
    > None of the setting I set in the "LikeThis" profile are there.
    > If I brows to MS Word (Program Files, Microsoft Office, ...) and click on
    > Winword.exe Word will start but i get errors.
    > So,
    > How do I fix this so the users all get the proper setting from the Default
    > User when they login to this Terminal Server ?
    >
    > Can you Please email me directly (I have to fix this ASAP)
    > my email address is: theitman at olsbuff.com
    >
    > Thanks a lot for the help Vera !!!
    >
    > Terry
    >
    >
    >
    > "theitman" <nospam@olsbuff.com> wrote in message
    > news:%23oW3aOLLFHA.732@TK2MSFTNGP12.phx.gbl...
    >> -
    >> Hi Vera,
    >>
    >> I am new to all this :)
    >> Here is what I did so far I got so far:
    >>
    >> On the DC (APIDC1 located in api.armlink.com)
    >> Followed the steps under Method 1 in 260370 (link you provided)
    >> Created the OU on the DC computer (DC computer here is APIDC1) steps 1 -
    >> 9 OK
    >> Created a Terminal Server Group Policy object , steps 1 - 5 OK
    >> OU and Group Police named after the computer (API-Tserver) as mentioned
    >> in the article.
    >>
    >> On the Terminal Server (API-Tserver)
    >> The Terminal Server Name is API-Tserver (Windows Server 2003 is a stand
    >> alone)
    >> I the steps you mentioned below on the Terminal Server.
    >> I did this already:
    >> created a Default User profile with all the setting I want.
    >> Now when I copy the User Profile (LikeThis) onto the Default User
    >> Profile (folder)
    >> Do I also want to click on the Change button (located on this page
    >> [Users or Built-in Groups] )
    >> and enter "Everyone" ? The following is already listing the
    >> following on this Permit to use [ Change ] page
    >> From this location [Armlink.com] this is our domain
    >> So do I need to add the everyone group in the Enter the object name to
    >> select [ ] here?
    >>
    >>
    >> Do I need to install something so I can work with Users and Computers on
    >> this 2003 server (if I do where do I get the program)?
    >>
    >> Thanks so much Vera,
    >> I need baby steps :-)
    >> Terry
    >>
    >>
    >> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote in
    >> message news:Xns961DEA27B54D2veranoesthemutforsse@207.46.248.16...
    >>> Create the Default User profile on the TS as you described earlier
    >>> If you want to force the users to use a local profile on the TS,
    >>> create a Group Policy (in Active Directory Users and Computers),
    >>> link it to the Organizational Unit that contains your Terminal
    >>> Server, and enable the following setting:
    >>>
    >>> Computer Configuration - Administrative templates - System - User
    >>> profiles
    >>> "Only allow local user profiles"
    >>>
    >>> 260370 - How to Apply Group Policy Objects to Terminal Services
    >>> Servers
    >>> http://support.microsoft.com/?kbid=260370
    >>>
    >>> --
    >>> Vera Noest
    >>> MCSE, CCEA, Microsoft MVP - Terminal Server
    >>> http://hem.fyristorg.com/vera/IT
    >>> --- please respond in newsgroup, NOT by private email ---
    >>>
    >>> "theitman" <nospam@olsbuff.com> wrote on 17 mar 2005 in
    >>> microsoft.public.windowsnt.terminalserver.misc:
    >>>
    >>>> -
    >>>> Hi Vera,
    >>>>
    >>>> Is it better to use Group Policies for this task (So everyone
    >>>> that loges onto the Terminal Server gets the same desktop and
    >>>> program settings)? I'm interested in Group Policies for this
    >>>> task, however, I have never use GP and I don't know where to
    >>>> start. If it's not to involved can you give me the step need to
    >>>> accomplish the above.
    >>>>
    >>>> Thanks in Advance,
    >>>> Terry
    >>>>
    >>>> PS: as long as you may be helping me do one GP is the there an
    >>>> easy way to Turn OFF the Win XP Firewall on all the XP machines
    >>>> in one site in the AD?
    >>>>
    >>>> Again Thanks so much for the help.
    >>>>
    >>>> Terry
    >>>>
    >>>>
    >>>>
    >>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote
    >>>> in message
    >>>> news:Xns961AEBD31CFEBveranoesthemutforsse@207.46.248.16...
    >>>>> That sounds correct. Every user that connects to this TS and
    >>>>> *who has not yet an existing roaming TS-specific profile*, will
    >>>>> receive a copy of the Default User profile that you created.
    >>>>>
    >>>>> If users have existing roaming TS profiles, they will *not*
    >>>>> receive a copy of the Default User profile. You can force them
    >>>>> to get one by deleteing theit existing roaming TS profile, but
    >>>>> then they will also use this Ts profile on all other TS they
    >>>>> connect to. So if this profile should be unique to this TS,
    >>>>> make sure that users do *not* have roaming TS profiles. Note
    >>>>> that you can use a GPO to force a local profile.
    >>>>>
    >>>>> If users have local TS profiles, you should be OK now.
    >>>>>
    >>>>> --
    >>>>> Vera Noest
    >>>>> MCSE, CCEA, Microsoft MVP - Terminal Server
    >>>>> http://hem.fyristorg.com/vera/IT
    >>>>> --- please respond in newsgroup, NOT by private email ---
    >>>>>
    >>>>> <NoSpamZtheitman@nospamZolsbuff.com> wrote on 15 mar 2005 in
    >>>>> microsoft.public.windowsnt.terminalserver.misc:
    >>>>>
    >>>>>> -
    >>>>>> Yes there is a Trust (I think by default) AD does this.
    >>>>>> Wow had to add the Everyone group and then add the Domains to
    >>>>>> the groups of users.
    >>>>>> It's working now. Thanks for the help.
    >>>>>>
    >>>>>> Here is an easy one I'm sure,
    >>>>>> I logged on to the Terminal Server as a user named "LikeThis"
    >>>>>> setup all the programs and Desk Top, then setup all the option
    >>>>>> the way I need them in MS Word and Excel. So the user profile
    >>>>>> for the user "LikeThis" is perfect. No I want Everyone that
    >>>>>> logs onto the terminal server to get this as the profile for
    >>>>>> their Terminal Server session. I think I copy the user profile
    >>>>>> "LikeThis" over the top on the Local Right click on My
    >>>>>> Computer, System Properties, Advanced, User Profiles,Select
    >>>>>> the user profile "LikeThis",then click on Copy To, and Brows
    >>>>>> to the %system root%Documents and settings/Default User
    >>>>>> folder, then click on OK.
    >>>>>> I am guessing that this will cause ANY user that log onto this
    >>>>>> Terminal Server to have the Setting I created for Word, Excel
    >>>>>> (the Macro Security settings, set to Low etc.) am I correct?
    >>>>>> Do I have all the correct steps?
    >>>>>>
    >>>>>> This is Windows Server 2003 running as Terminal Server.
    >>>>>>
    >>>>>> The reason I am NOT sure is because the Help file I found made
    >>>>>> me think that these steps will change more than the users
    >>>>>> profile on this Terminal Server. Sounded almost like I was
    >>>>>> changing AL the User in the Domain. I ONLY want to control
    >>>>>> the user profile on this ONE Terminal Server.
    >>>>>>
    >>>>>> Thanks in advance !!!
    >>>>>> Terry
    >>>>>>
    >>>>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>
    >>>>>> wrote in message
    >>>>>> news:Xns9618ED717C2E3veranoesthemutforsse@207.46.248.16...
    >>>>>>> Is there a trust relationship between these 2 domains?
    >>>>>>> You have to make the \\domain2\username a member of the local
    >>>>>>> built-in group "Remote Desktop Users" on the Terminal Server
    >>>>>>> in domain1.
    >>>>>>>
    >>>>>>> If the Terminal Server is also a Domain Controller in domain
    >>>>>>> 1 (which is *not* recommmended!), then you have to give this
    >>>>>>> user Log On Locally rights on the server (in the default
    >>>>>>> Domain Controller Security Policy).
    >>>>>>>
    >>>>>>> --
    >>>>>>> Vera Noest
    >>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server
    >>>>>>> http://hem.fyristorg.com/vera/IT
    >>>>>>> --- please respond in newsgroup, NOT by private email ---
    >>>>>>>
    >>>>>>> "theitman" <nospam@olsbuff.com> wrote on 13 mar 2005 in
    >>>>>>> microsoft.public.windowsnt.terminalserver.misc:
    >>>>>>>
    >>>>>>>> -
    >>>>>>>> Hello everyone,
    >>>>>>>> Windows 2003 setup with Terminal Server
    >>>>>>>> Everything works as expected when I login with a user
    >>>>>>>> account from my local Domain (domain1) however, when I tried
    >>>>>>>> to logon to the Terminal Server with an account form one of
    >>>>>>>> our other doamain (domain2) I get the following error and
    >>>>>>>> can not logon. The local policy of this system does not
    >>>>>>>> permit you to logon interactively. Then I am disconnected.
    >>>>>>>> Any step by step help will be very helpful (This is the
    >>>>>>>> first Terminal Server I am tring to setup)
    >>>>>>>> As Always, Thank You in advance, Terry
    >>
    >>
    >
    >
  9. Archived from groups: microsoft.public.windowsnt.terminalserver.misc (More info?)

    You can re-create the shortcuts manually or re-install completely.
    Which method is faster depends on how many shortcuts and settings
    you have to configure manually, and how well you documented your
    system.

    I'm afraid that you have just learned the hard way that you always
    need a backup before making major changes, preferably a total
    system backup.
    When modifying the Default User profile (or anything else for that
    matter), first copy the existing folder to another folder before
    you overwrite it. Delete the original only when you are 100% sure
    that your modifications are OK.

    --
    Vera Noest
    MCSE, CCEA, Microsoft MVP - Terminal Server
    http://hem.fyristorg.com/vera/IT
    --- please respond in newsgroup, NOT by private email ---

    <NoSpamZtheitman@nospamZolsbuff.com> wrote on 20 mar 2005 in
    microsoft.public.windowsnt.terminalserver.misc:

    > -
    > Hi Vera,
    >
    > I know what I did wrong, I copied a Domain user profile over the
    > Default User :(
    > Now I need to re-create the Default User profile or maybe try a
    > repair or Windows 2003 (is there anything you can think of)?
    > Maybe I have to Re-Install Windows 2003 ?
    > Whatever I need to do I need to do it today (Sunday)
    > Any suggestions on re-creating the Default User profile?
    > Right now No account including the local Administrator have all
    > the programs I installed and the programs are all missing fro
    > Start, Programs 995 of the programs are NOT listed here any
    > longer.
    >
    > Any suggestions?
    > Thanks, Terry
    >
    >
    >
    > "theitman" <nospam@olsbuff.com> wrote in message
    > news:OZijLVOLFHA.1884@TK2MSFTNGP15.phx.gbl...
    >> -
    >> Hi Vera,
    >>
    >> I copied the Profile I setup "LikeThis" I did NOT click on the
    >> [Change] option mentioned below.
    >> No I have a problem. All the users that logon get a very
    >> limited profile. It is picking up the mapped drives OK from
    >> there Login script on the DC (This is GOOD and I want this to
    >> happen) However, there desktop ONLY shows the icon for out (for
    >> Office 2002 installed on this Terminal Server api-tserver)
    >> None of the setting I set in the "LikeThis" profile are there.
    >> If I brows to MS Word (Program Files, Microsoft Office, ...)
    >> and click on
    >> Winword.exe Word will start but i get errors.
    >> So,
    >> How do I fix this so the users all get the proper setting from
    >> the Default User when they login to this Terminal Server ?
    >>
    >> Can you Please email me directly (I have to fix this ASAP)
    >> my email address is: theitman at olsbuff.com
    >>
    >> Thanks a lot for the help Vera !!!
    >>
    >> Terry
    >>
    >>
    >>
    >> "theitman" <nospam@olsbuff.com> wrote in message
    >> news:%23oW3aOLLFHA.732@TK2MSFTNGP12.phx.gbl...
    >>> -
    >>> Hi Vera,
    >>>
    >>> I am new to all this :)
    >>> Here is what I did so far I got so far:
    >>>
    >>> On the DC (APIDC1 located in api.armlink.com)
    >>> Followed the steps under Method 1 in 260370 (link you
    >>> provided) Created the OU on the DC computer (DC computer here
    >>> is APIDC1) steps 1 - 9 OK
    >>> Created a Terminal Server Group Policy object , steps 1 - 5
    >>> OK OU and Group Police named after the computer (API-Tserver)
    >>> as mentioned in the article.
    >>>
    >>> On the Terminal Server (API-Tserver)
    >>> The Terminal Server Name is API-Tserver (Windows Server 2003
    >>> is a stand alone)
    >>> I the steps you mentioned below on the Terminal Server.
    >>> I did this already:
    >>> created a Default User profile with all the setting I
    >>> want.
    >>> Now when I copy the User Profile (LikeThis) onto the Default
    >>> User
    >>> Profile (folder)
    >>> Do I also want to click on the Change button (located on
    >>> this page
    >>> [Users or Built-in Groups] )
    >>> and enter "Everyone" ? The following is already
    >>> listing the
    >>> following on this Permit to use [ Change ] page
    >>> From this location [Armlink.com] this is our domain
    >>> So do I need to add the everyone group in the Enter the
    >>> object name to
    >>> select [ ] here?
    >>>
    >>>
    >>> Do I need to install something so I can work with Users and
    >>> Computers on this 2003 server (if I do where do I get the
    >>> program)?
    >>>
    >>> Thanks so much Vera,
    >>> I need baby steps :-)
    >>> Terry
    >>>
    >>>
    >>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>
    >>> wrote in message
    >>> news:Xns961DEA27B54D2veranoesthemutforsse@207.46.248.16...
    >>>> Create the Default User profile on the TS as you described
    >>>> earlier If you want to force the users to use a local profile
    >>>> on the TS, create a Group Policy (in Active Directory Users
    >>>> and Computers), link it to the Organizational Unit that
    >>>> contains your Terminal Server, and enable the following
    >>>> setting:
    >>>>
    >>>> Computer Configuration - Administrative templates - System -
    >>>> User profiles
    >>>> "Only allow local user profiles"
    >>>>
    >>>> 260370 - How to Apply Group Policy Objects to Terminal
    >>>> Services Servers
    >>>> http://support.microsoft.com/?kbid=260370
    >>>>
    >>>> --
    >>>> Vera Noest
    >>>> MCSE, CCEA, Microsoft MVP - Terminal Server
    >>>> http://hem.fyristorg.com/vera/IT
    >>>> --- please respond in newsgroup, NOT by private email ---
    >>>>
    >>>> "theitman" <nospam@olsbuff.com> wrote on 17 mar 2005 in
    >>>> microsoft.public.windowsnt.terminalserver.misc:
    >>>>
    >>>>> -
    >>>>> Hi Vera,
    >>>>>
    >>>>> Is it better to use Group Policies for this task (So
    >>>>> everyone that loges onto the Terminal Server gets the same
    >>>>> desktop and program settings)? I'm interested in Group
    >>>>> Policies for this task, however, I have never use GP and I
    >>>>> don't know where to start. If it's not to involved can you
    >>>>> give me the step need to accomplish the above.
    >>>>>
    >>>>> Thanks in Advance,
    >>>>> Terry
    >>>>>
    >>>>> PS: as long as you may be helping me do one GP is the there
    >>>>> an easy way to Turn OFF the Win XP Firewall on all the XP
    >>>>> machines in one site in the AD?
    >>>>>
    >>>>> Again Thanks so much for the help.
    >>>>>
    >>>>> Terry
    >>>>>
    >>>>>
    >>>>>
    >>>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>
    >>>>> wrote in message
    >>>>> news:Xns961AEBD31CFEBveranoesthemutforsse@207.46.248.16...
    >>>>>> That sounds correct. Every user that connects to this TS
    >>>>>> and *who has not yet an existing roaming TS-specific
    >>>>>> profile*, will receive a copy of the Default User profile
    >>>>>> that you created.
    >>>>>>
    >>>>>> If users have existing roaming TS profiles, they will *not*
    >>>>>> receive a copy of the Default User profile. You can force
    >>>>>> them to get one by deleteing theit existing roaming TS
    >>>>>> profile, but then they will also use this Ts profile on all
    >>>>>> other TS they connect to. So if this profile should be
    >>>>>> unique to this TS, make sure that users do *not* have
    >>>>>> roaming TS profiles. Note that you can use a GPO to force a
    >>>>>> local profile.
    >>>>>>
    >>>>>> If users have local TS profiles, you should be OK now.
    >>>>>>
    >>>>>> --
    >>>>>> Vera Noest
    >>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server
    >>>>>> http://hem.fyristorg.com/vera/IT
    >>>>>> --- please respond in newsgroup, NOT by private email ---
    >>>>>>
    >>>>>> <NoSpamZtheitman@nospamZolsbuff.com> wrote on 15 mar 2005
    >>>>>> in microsoft.public.windowsnt.terminalserver.misc:
    >>>>>>
    >>>>>>> -
    >>>>>>> Yes there is a Trust (I think by default) AD does this.
    >>>>>>> Wow had to add the Everyone group and then add the Domains
    >>>>>>> to the groups of users.
    >>>>>>> It's working now. Thanks for the help.
    >>>>>>>
    >>>>>>> Here is an easy one I'm sure,
    >>>>>>> I logged on to the Terminal Server as a user named
    >>>>>>> "LikeThis" setup all the programs and Desk Top, then setup
    >>>>>>> all the option the way I need them in MS Word and Excel.
    >>>>>>> So the user profile for the user "LikeThis" is perfect. No
    >>>>>>> I want Everyone that logs onto the terminal server to get
    >>>>>>> this as the profile for their Terminal Server session. I
    >>>>>>> think I copy the user profile "LikeThis" over the top on
    >>>>>>> the Local Right click on My Computer, System Properties,
    >>>>>>> Advanced, User Profiles,Select the user profile
    >>>>>>> "LikeThis",then click on Copy To, and Brows to the %system
    >>>>>>> root%Documents and settings/Default User folder, then
    >>>>>>> click on OK. I am guessing that this will cause ANY user
    >>>>>>> that log onto this Terminal Server to have the Setting I
    >>>>>>> created for Word, Excel (the Macro Security settings, set
    >>>>>>> to Low etc.) am I correct? Do I have all the correct
    >>>>>>> steps?
    >>>>>>>
    >>>>>>> This is Windows Server 2003 running as Terminal Server.
    >>>>>>>
    >>>>>>> The reason I am NOT sure is because the Help file I found
    >>>>>>> made me think that these steps will change more than the
    >>>>>>> users profile on this Terminal Server. Sounded almost like
    >>>>>>> I was changing AL the User in the Domain. I ONLY want to
    >>>>>>> control the user profile on this ONE Terminal Server.
    >>>>>>>
    >>>>>>> Thanks in advance !!!
    >>>>>>> Terry
    >>>>>>>
    >>>>>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>
    >>>>>>> wrote in message
    >>>>>>> news:Xns9618ED717C2E3veranoesthemutforsse@207.46.248.16...
    >>>>>>>> Is there a trust relationship between these 2 domains?
    >>>>>>>> You have to make the \\domain2\username a member of the
    >>>>>>>> local built-in group "Remote Desktop Users" on the
    >>>>>>>> Terminal Server in domain1.
    >>>>>>>>
    >>>>>>>> If the Terminal Server is also a Domain Controller in
    >>>>>>>> domain 1 (which is *not* recommmended!), then you have to
    >>>>>>>> give this user Log On Locally rights on the server (in
    >>>>>>>> the default Domain Controller Security Policy).
    >>>>>>>>
    >>>>>>>> --
    >>>>>>>> Vera Noest
    >>>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server
    >>>>>>>> http://hem.fyristorg.com/vera/IT
    >>>>>>>> --- please respond in newsgroup, NOT by private email ---
    >>>>>>>>
    >>>>>>>> "theitman" <nospam@olsbuff.com> wrote on 13 mar 2005 in
    >>>>>>>> microsoft.public.windowsnt.terminalserver.misc:
    >>>>>>>>
    >>>>>>>>> -
    >>>>>>>>> Hello everyone,
    >>>>>>>>> Windows 2003 setup with Terminal Server
    >>>>>>>>> Everything works as expected when I login with a user
    >>>>>>>>> account from my local Domain (domain1) however, when I
    >>>>>>>>> tried to logon to the Terminal Server with an account
    >>>>>>>>> form one of our other doamain (domain2) I get the
    >>>>>>>>> following error and can not logon. The local policy of
    >>>>>>>>> this system does not permit you to logon interactively.
    >>>>>>>>> Then I am disconnected. Any step by step help will be
    >>>>>>>>> very helpful (This is the first Terminal Server I am
    >>>>>>>>> tring to setup) As Always, Thank You in advance, Terry
  10. Archived from groups: microsoft.public.windowsnt.terminalserver.misc (More info?)

    -
    Vera,
    Well, your correct :(
    Ok I reinstall a fresh copy and I am back to my starting point.

    I still have one question:
    After the "copy to" do I need to click on the [Change ] button a enter
    "everyone"

    Thanks,
    Terry


    "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote in message
    news:Xns961FA1954A162veranoesthemutforsse@207.46.248.16...
    > You can re-create the shortcuts manually or re-install completely.
    > Which method is faster depends on how many shortcuts and settings
    > you have to configure manually, and how well you documented your
    > system.
    >
    > I'm afraid that you have just learned the hard way that you always
    > need a backup before making major changes, preferably a total
    > system backup.
    > When modifying the Default User profile (or anything else for that
    > matter), first copy the existing folder to another folder before
    > you overwrite it. Delete the original only when you are 100% sure
    > that your modifications are OK.
    >
    > --
    > Vera Noest
    > MCSE, CCEA, Microsoft MVP - Terminal Server
    > http://hem.fyristorg.com/vera/IT
    > --- please respond in newsgroup, NOT by private email ---
    >
    > <NoSpamZtheitman@nospamZolsbuff.com> wrote on 20 mar 2005 in
    > microsoft.public.windowsnt.terminalserver.misc:
    >
    >> -
    >> Hi Vera,
    >>
    >> I know what I did wrong, I copied a Domain user profile over the
    >> Default User :(
    >> Now I need to re-create the Default User profile or maybe try a
    >> repair or Windows 2003 (is there anything you can think of)?
    >> Maybe I have to Re-Install Windows 2003 ?
    >> Whatever I need to do I need to do it today (Sunday)
    >> Any suggestions on re-creating the Default User profile?
    >> Right now No account including the local Administrator have all
    >> the programs I installed and the programs are all missing fro
    >> Start, Programs 995 of the programs are NOT listed here any
    >> longer.
    >>
    >> Any suggestions?
    >> Thanks, Terry
    >>
    >>
    >>
    >> "theitman" <nospam@olsbuff.com> wrote in message
    >> news:OZijLVOLFHA.1884@TK2MSFTNGP15.phx.gbl...
    >>> -
    >>> Hi Vera,
    >>>
    >>> I copied the Profile I setup "LikeThis" I did NOT click on the
    >>> [Change] option mentioned below.
    >>> No I have a problem. All the users that logon get a very
    >>> limited profile. It is picking up the mapped drives OK from
    >>> there Login script on the DC (This is GOOD and I want this to
    >>> happen) However, there desktop ONLY shows the icon for out (for
    >>> Office 2002 installed on this Terminal Server api-tserver)
    >>> None of the setting I set in the "LikeThis" profile are there.
    >>> If I brows to MS Word (Program Files, Microsoft Office, ...)
    >>> and click on
    >>> Winword.exe Word will start but i get errors.
    >>> So,
    >>> How do I fix this so the users all get the proper setting from
    >>> the Default User when they login to this Terminal Server ?
    >>>
    >>> Can you Please email me directly (I have to fix this ASAP)
    >>> my email address is: theitman at olsbuff.com
    >>>
    >>> Thanks a lot for the help Vera !!!
    >>>
    >>> Terry
    >>>
    >>>
    >>>
    >>> "theitman" <nospam@olsbuff.com> wrote in message
    >>> news:%23oW3aOLLFHA.732@TK2MSFTNGP12.phx.gbl...
    >>>> -
    >>>> Hi Vera,
    >>>>
    >>>> I am new to all this :)
    >>>> Here is what I did so far I got so far:
    >>>>
    >>>> On the DC (APIDC1 located in api.armlink.com)
    >>>> Followed the steps under Method 1 in 260370 (link you
    >>>> provided) Created the OU on the DC computer (DC computer here
    >>>> is APIDC1) steps 1 - 9 OK
    >>>> Created a Terminal Server Group Policy object , steps 1 - 5
    >>>> OK OU and Group Police named after the computer (API-Tserver)
    >>>> as mentioned in the article.
    >>>>
    >>>> On the Terminal Server (API-Tserver)
    >>>> The Terminal Server Name is API-Tserver (Windows Server 2003
    >>>> is a stand alone)
    >>>> I the steps you mentioned below on the Terminal Server.
    >>>> I did this already:
    >>>> created a Default User profile with all the setting I
    >>>> want.
    >>>> Now when I copy the User Profile (LikeThis) onto the Default
    >>>> User
    >>>> Profile (folder)
    >>>> Do I also want to click on the Change button (located on
    >>>> this page
    >>>> [Users or Built-in Groups] )
    >>>> and enter "Everyone" ? The following is already
    >>>> listing the
    >>>> following on this Permit to use [ Change ] page
    >>>> From this location [Armlink.com] this is our domain
    >>>> So do I need to add the everyone group in the Enter the
    >>>> object name to
    >>>> select [ ] here?
    >>>>
    >>>>
    >>>> Do I need to install something so I can work with Users and
    >>>> Computers on this 2003 server (if I do where do I get the
    >>>> program)?
    >>>>
    >>>> Thanks so much Vera,
    >>>> I need baby steps :-)
    >>>> Terry
    >>>>
    >>>>
    >>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>
    >>>> wrote in message
    >>>> news:Xns961DEA27B54D2veranoesthemutforsse@207.46.248.16...
    >>>>> Create the Default User profile on the TS as you described
    >>>>> earlier If you want to force the users to use a local profile
    >>>>> on the TS, create a Group Policy (in Active Directory Users
    >>>>> and Computers), link it to the Organizational Unit that
    >>>>> contains your Terminal Server, and enable the following
    >>>>> setting:
    >>>>>
    >>>>> Computer Configuration - Administrative templates - System -
    >>>>> User profiles
    >>>>> "Only allow local user profiles"
    >>>>>
    >>>>> 260370 - How to Apply Group Policy Objects to Terminal
    >>>>> Services Servers
    >>>>> http://support.microsoft.com/?kbid=260370
    >>>>>
    >>>>> --
    >>>>> Vera Noest
    >>>>> MCSE, CCEA, Microsoft MVP - Terminal Server
    >>>>> http://hem.fyristorg.com/vera/IT
    >>>>> --- please respond in newsgroup, NOT by private email ---
    >>>>>
    >>>>> "theitman" <nospam@olsbuff.com> wrote on 17 mar 2005 in
    >>>>> microsoft.public.windowsnt.terminalserver.misc:
    >>>>>
    >>>>>> -
    >>>>>> Hi Vera,
    >>>>>>
    >>>>>> Is it better to use Group Policies for this task (So
    >>>>>> everyone that loges onto the Terminal Server gets the same
    >>>>>> desktop and program settings)? I'm interested in Group
    >>>>>> Policies for this task, however, I have never use GP and I
    >>>>>> don't know where to start. If it's not to involved can you
    >>>>>> give me the step need to accomplish the above.
    >>>>>>
    >>>>>> Thanks in Advance,
    >>>>>> Terry
    >>>>>>
    >>>>>> PS: as long as you may be helping me do one GP is the there
    >>>>>> an easy way to Turn OFF the Win XP Firewall on all the XP
    >>>>>> machines in one site in the AD?
    >>>>>>
    >>>>>> Again Thanks so much for the help.
    >>>>>>
    >>>>>> Terry
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>
    >>>>>> wrote in message
    >>>>>> news:Xns961AEBD31CFEBveranoesthemutforsse@207.46.248.16...
    >>>>>>> That sounds correct. Every user that connects to this TS
    >>>>>>> and *who has not yet an existing roaming TS-specific
    >>>>>>> profile*, will receive a copy of the Default User profile
    >>>>>>> that you created.
    >>>>>>>
    >>>>>>> If users have existing roaming TS profiles, they will *not*
    >>>>>>> receive a copy of the Default User profile. You can force
    >>>>>>> them to get one by deleteing theit existing roaming TS
    >>>>>>> profile, but then they will also use this Ts profile on all
    >>>>>>> other TS they connect to. So if this profile should be
    >>>>>>> unique to this TS, make sure that users do *not* have
    >>>>>>> roaming TS profiles. Note that you can use a GPO to force a
    >>>>>>> local profile.
    >>>>>>>
    >>>>>>> If users have local TS profiles, you should be OK now.
    >>>>>>>
    >>>>>>> --
    >>>>>>> Vera Noest
    >>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server
    >>>>>>> http://hem.fyristorg.com/vera/IT
    >>>>>>> --- please respond in newsgroup, NOT by private email ---
    >>>>>>>
    >>>>>>> <NoSpamZtheitman@nospamZolsbuff.com> wrote on 15 mar 2005
    >>>>>>> in microsoft.public.windowsnt.terminalserver.misc:
    >>>>>>>
    >>>>>>>> -
    >>>>>>>> Yes there is a Trust (I think by default) AD does this.
    >>>>>>>> Wow had to add the Everyone group and then add the Domains
    >>>>>>>> to the groups of users.
    >>>>>>>> It's working now. Thanks for the help.
    >>>>>>>>
    >>>>>>>> Here is an easy one I'm sure,
    >>>>>>>> I logged on to the Terminal Server as a user named
    >>>>>>>> "LikeThis" setup all the programs and Desk Top, then setup
    >>>>>>>> all the option the way I need them in MS Word and Excel.
    >>>>>>>> So the user profile for the user "LikeThis" is perfect. No
    >>>>>>>> I want Everyone that logs onto the terminal server to get
    >>>>>>>> this as the profile for their Terminal Server session. I
    >>>>>>>> think I copy the user profile "LikeThis" over the top on
    >>>>>>>> the Local Right click on My Computer, System Properties,
    >>>>>>>> Advanced, User Profiles,Select the user profile
    >>>>>>>> "LikeThis",then click on Copy To, and Brows to the %system
    >>>>>>>> root%Documents and settings/Default User folder, then
    >>>>>>>> click on OK. I am guessing that this will cause ANY user
    >>>>>>>> that log onto this Terminal Server to have the Setting I
    >>>>>>>> created for Word, Excel (the Macro Security settings, set
    >>>>>>>> to Low etc.) am I correct? Do I have all the correct
    >>>>>>>> steps?
    >>>>>>>>
    >>>>>>>> This is Windows Server 2003 running as Terminal Server.
    >>>>>>>>
    >>>>>>>> The reason I am NOT sure is because the Help file I found
    >>>>>>>> made me think that these steps will change more than the
    >>>>>>>> users profile on this Terminal Server. Sounded almost like
    >>>>>>>> I was changing AL the User in the Domain. I ONLY want to
    >>>>>>>> control the user profile on this ONE Terminal Server.
    >>>>>>>>
    >>>>>>>> Thanks in advance !!!
    >>>>>>>> Terry
    >>>>>>>>
    >>>>>>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>
    >>>>>>>> wrote in message
    >>>>>>>> news:Xns9618ED717C2E3veranoesthemutforsse@207.46.248.16...
    >>>>>>>>> Is there a trust relationship between these 2 domains?
    >>>>>>>>> You have to make the \\domain2\username a member of the
    >>>>>>>>> local built-in group "Remote Desktop Users" on the
    >>>>>>>>> Terminal Server in domain1.
    >>>>>>>>>
    >>>>>>>>> If the Terminal Server is also a Domain Controller in
    >>>>>>>>> domain 1 (which is *not* recommmended!), then you have to
    >>>>>>>>> give this user Log On Locally rights on the server (in
    >>>>>>>>> the default Domain Controller Security Policy).
    >>>>>>>>>
    >>>>>>>>> --
    >>>>>>>>> Vera Noest
    >>>>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server
    >>>>>>>>> http://hem.fyristorg.com/vera/IT
    >>>>>>>>> --- please respond in newsgroup, NOT by private email ---
    >>>>>>>>>
    >>>>>>>>> "theitman" <nospam@olsbuff.com> wrote on 13 mar 2005 in
    >>>>>>>>> microsoft.public.windowsnt.terminalserver.misc:
    >>>>>>>>>
    >>>>>>>>>> -
    >>>>>>>>>> Hello everyone,
    >>>>>>>>>> Windows 2003 setup with Terminal Server
    >>>>>>>>>> Everything works as expected when I login with a user
    >>>>>>>>>> account from my local Domain (domain1) however, when I
    >>>>>>>>>> tried to logon to the Terminal Server with an account
    >>>>>>>>>> form one of our other doamain (domain2) I get the
    >>>>>>>>>> following error and can not logon. The local policy of
    >>>>>>>>>> this system does not permit you to logon interactively.
    >>>>>>>>>> Then I am disconnected. Any step by step help will be
    >>>>>>>>>> very helpful (This is the first Terminal Server I am
    >>>>>>>>>> tring to setup) As Always, Thank You in advance, Terry
  11. Archived from groups: microsoft.public.windowsnt.terminalserver.misc (More info?)

    Yes, I would add Everyone here, to be sure that you don't get
    permission problems.

    --
    Vera Noest
    MCSE, CCEA, Microsoft MVP - Terminal Server
    http://hem.fyristorg.com/vera/IT
    --- please respond in newsgroup, NOT by private email ---

    <NoSpamZtheitman@nospamZolsbuff.com> wrote on 21 mar 2005 in
    microsoft.public.windowsnt.terminalserver.misc:

    > -
    > Vera,
    > Well, your correct :(
    > Ok I reinstall a fresh copy and I am back to my starting point.
    >
    > I still have one question:
    > After the "copy to" do I need to click on the [Change ] button
    > a enter "everyone"
    >
    > Thanks,
    > Terry
    >
    >
    > "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote
    > in message
    > news:Xns961FA1954A162veranoesthemutforsse@207.46.248.16...
    >> You can re-create the shortcuts manually or re-install
    >> completely. Which method is faster depends on how many
    >> shortcuts and settings you have to configure manually, and how
    >> well you documented your system.
    >>
    >> I'm afraid that you have just learned the hard way that you
    >> always need a backup before making major changes, preferably a
    >> total system backup.
    >> When modifying the Default User profile (or anything else for
    >> that matter), first copy the existing folder to another folder
    >> before you overwrite it. Delete the original only when you are
    >> 100% sure that your modifications are OK.
    >>
    >> --
    >> Vera Noest
    >> MCSE, CCEA, Microsoft MVP - Terminal Server
    >> http://hem.fyristorg.com/vera/IT
    >> --- please respond in newsgroup, NOT by private email ---
    >>
    >> <NoSpamZtheitman@nospamZolsbuff.com> wrote on 20 mar 2005 in
    >> microsoft.public.windowsnt.terminalserver.misc:
    >>
    >>> -
    >>> Hi Vera,
    >>>
    >>> I know what I did wrong, I copied a Domain user profile over
    >>> the Default User :(
    >>> Now I need to re-create the Default User profile or maybe try
    >>> a repair or Windows 2003 (is there anything you can think of)?
    >>> Maybe I have to Re-Install Windows 2003 ?
    >>> Whatever I need to do I need to do it today (Sunday)
    >>> Any suggestions on re-creating the Default User profile?
    >>> Right now No account including the local Administrator have
    >>> all the programs I installed and the programs are all missing
    >>> fro Start, Programs 995 of the programs are NOT listed here
    >>> any longer.
    >>>
    >>> Any suggestions?
    >>> Thanks, Terry
    >>>
    >>>
    >>>
    >>> "theitman" <nospam@olsbuff.com> wrote in message
    >>> news:OZijLVOLFHA.1884@TK2MSFTNGP15.phx.gbl...
    >>>> -
    >>>> Hi Vera,
    >>>>
    >>>> I copied the Profile I setup "LikeThis" I did NOT click on
    >>>> the [Change] option mentioned below.
    >>>> No I have a problem. All the users that logon get a very
    >>>> limited profile. It is picking up the mapped drives OK from
    >>>> there Login script on the DC (This is GOOD and I want this to
    >>>> happen) However, there desktop ONLY shows the icon for out
    >>>> (for Office 2002 installed on this Terminal Server
    >>>> api-tserver)
    >>>> None of the setting I set in the "LikeThis" profile are
    >>>> there. If I brows to MS Word (Program Files, Microsoft
    >>>> Office, ...) and click on
    >>>> Winword.exe Word will start but i get errors.
    >>>> So,
    >>>> How do I fix this so the users all get the proper setting
    >>>> from the Default User when they login to this Terminal Server
    >>>> ?
    >>>>
    >>>> Can you Please email me directly (I have to fix this ASAP)
    >>>> my email address is: theitman at olsbuff.com
    >>>>
    >>>> Thanks a lot for the help Vera !!!
    >>>>
    >>>> Terry
    >>>>
    >>>>
    >>>>
    >>>> "theitman" <nospam@olsbuff.com> wrote in message
    >>>> news:%23oW3aOLLFHA.732@TK2MSFTNGP12.phx.gbl...
    >>>>> -
    >>>>> Hi Vera,
    >>>>>
    >>>>> I am new to all this :)
    >>>>> Here is what I did so far I got so far:
    >>>>>
    >>>>> On the DC (APIDC1 located in api.armlink.com)
    >>>>> Followed the steps under Method 1 in 260370 (link you
    >>>>> provided) Created the OU on the DC computer (DC computer
    >>>>> here is APIDC1) steps 1 - 9 OK
    >>>>> Created a Terminal Server Group Policy object , steps 1 - 5
    >>>>> OK OU and Group Police named after the computer
    >>>>> (API-Tserver) as mentioned in the article.
    >>>>>
    >>>>> On the Terminal Server (API-Tserver)
    >>>>> The Terminal Server Name is API-Tserver (Windows Server
    >>>>> 2003 is a stand alone)
    >>>>> I the steps you mentioned below on the Terminal Server.
    >>>>> I did this already:
    >>>>> created a Default User profile with all the setting I
    >>>>> want.
    >>>>> Now when I copy the User Profile (LikeThis) onto the
    >>>>> Default User
    >>>>> Profile (folder)
    >>>>> Do I also want to click on the Change button (located
    >>>>> on this page
    >>>>> [Users or Built-in Groups] )
    >>>>> and enter "Everyone" ? The following is already
    >>>>> listing the
    >>>>> following on this Permit to use [ Change ] page
    >>>>> From this location [Armlink.com] this is our domain
    >>>>> So do I need to add the everyone group in the Enter the
    >>>>> object name to
    >>>>> select [ ] here?
    >>>>>
    >>>>>
    >>>>> Do I need to install something so I can work with Users and
    >>>>> Computers on this 2003 server (if I do where do I get the
    >>>>> program)?
    >>>>>
    >>>>> Thanks so much Vera,
    >>>>> I need baby steps :-)
    >>>>> Terry
    >>>>>
    >>>>>
    >>>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>
    >>>>> wrote in message
    >>>>> news:Xns961DEA27B54D2veranoesthemutforsse@207.46.248.16...
    >>>>>> Create the Default User profile on the TS as you described
    >>>>>> earlier If you want to force the users to use a local
    >>>>>> profile on the TS, create a Group Policy (in Active
    >>>>>> Directory Users and Computers), link it to the
    >>>>>> Organizational Unit that contains your Terminal Server, and
    >>>>>> enable the following setting:
    >>>>>>
    >>>>>> Computer Configuration - Administrative templates - System
    >>>>>> - User profiles
    >>>>>> "Only allow local user profiles"
    >>>>>>
    >>>>>> 260370 - How to Apply Group Policy Objects to Terminal
    >>>>>> Services Servers
    >>>>>> http://support.microsoft.com/?kbid=260370
    >>>>>>
    >>>>>> --
    >>>>>> Vera Noest
    >>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server
    >>>>>> http://hem.fyristorg.com/vera/IT
    >>>>>> --- please respond in newsgroup, NOT by private email ---
    >>>>>>
    >>>>>> "theitman" <nospam@olsbuff.com> wrote on 17 mar 2005 in
    >>>>>> microsoft.public.windowsnt.terminalserver.misc:
    >>>>>>
    >>>>>>> -
    >>>>>>> Hi Vera,
    >>>>>>>
    >>>>>>> Is it better to use Group Policies for this task (So
    >>>>>>> everyone that loges onto the Terminal Server gets the same
    >>>>>>> desktop and program settings)? I'm interested in Group
    >>>>>>> Policies for this task, however, I have never use GP and I
    >>>>>>> don't know where to start. If it's not to involved can you
    >>>>>>> give me the step need to accomplish the above.
    >>>>>>>
    >>>>>>> Thanks in Advance,
    >>>>>>> Terry
    >>>>>>>
    >>>>>>> PS: as long as you may be helping me do one GP is the
    >>>>>>> there an easy way to Turn OFF the Win XP Firewall on all
    >>>>>>> the XP machines in one site in the AD?
    >>>>>>>
    >>>>>>> Again Thanks so much for the help.
    >>>>>>>
    >>>>>>> Terry
    >>>>>>>
    >>>>>>>
    >>>>>>>
    >>>>>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>
    >>>>>>> wrote in message
    >>>>>>> news:Xns961AEBD31CFEBveranoesthemutforsse@207.46.248.16...
    >>>>>>>> That sounds correct. Every user that connects to this TS
    >>>>>>>> and *who has not yet an existing roaming TS-specific
    >>>>>>>> profile*, will receive a copy of the Default User profile
    >>>>>>>> that you created.
    >>>>>>>>
    >>>>>>>> If users have existing roaming TS profiles, they will
    >>>>>>>> *not* receive a copy of the Default User profile. You can
    >>>>>>>> force them to get one by deleteing theit existing roaming
    >>>>>>>> TS profile, but then they will also use this Ts profile
    >>>>>>>> on all other TS they connect to. So if this profile
    >>>>>>>> should be unique to this TS, make sure that users do
    >>>>>>>> *not* have roaming TS profiles. Note that you can use a
    >>>>>>>> GPO to force a local profile.
    >>>>>>>>
    >>>>>>>> If users have local TS profiles, you should be OK now.
    >>>>>>>>
    >>>>>>>> --
    >>>>>>>> Vera Noest
    >>>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server
    >>>>>>>> http://hem.fyristorg.com/vera/IT
    >>>>>>>> --- please respond in newsgroup, NOT by private email ---
    >>>>>>>>
    >>>>>>>> <NoSpamZtheitman@nospamZolsbuff.com> wrote on 15 mar 2005
    >>>>>>>> in microsoft.public.windowsnt.terminalserver.misc:
    >>>>>>>>
    >>>>>>>>> -
    >>>>>>>>> Yes there is a Trust (I think by default) AD does this.
    >>>>>>>>> Wow had to add the Everyone group and then add the
    >>>>>>>>> Domains to the groups of users.
    >>>>>>>>> It's working now. Thanks for the help.
    >>>>>>>>>
    >>>>>>>>> Here is an easy one I'm sure,
    >>>>>>>>> I logged on to the Terminal Server as a user named
    >>>>>>>>> "LikeThis" setup all the programs and Desk Top, then
    >>>>>>>>> setup all the option the way I need them in MS Word and
    >>>>>>>>> Excel. So the user profile for the user "LikeThis" is
    >>>>>>>>> perfect. No I want Everyone that logs onto the terminal
    >>>>>>>>> server to get this as the profile for their Terminal
    >>>>>>>>> Server session. I think I copy the user profile
    >>>>>>>>> "LikeThis" over the top on the Local Right click on My
    >>>>>>>>> Computer, System Properties, Advanced, User
    >>>>>>>>> Profiles,Select the user profile "LikeThis",then click
    >>>>>>>>> on Copy To, and Brows to the %system root%Documents and
    >>>>>>>>> settings/Default User folder, then click on OK. I am
    >>>>>>>>> guessing that this will cause ANY user that log onto
    >>>>>>>>> this Terminal Server to have the Setting I created for
    >>>>>>>>> Word, Excel (the Macro Security settings, set
    >>>>>>>>> to Low etc.) am I correct? Do I have all the correct
    >>>>>>>>> steps?
    >>>>>>>>>
    >>>>>>>>> This is Windows Server 2003 running as Terminal Server.
    >>>>>>>>>
    >>>>>>>>> The reason I am NOT sure is because the Help file I
    >>>>>>>>> found made me think that these steps will change more
    >>>>>>>>> than the users profile on this Terminal Server. Sounded
    >>>>>>>>> almost like I was changing AL the User in the Domain. I
    >>>>>>>>> ONLY want to control the user profile on this ONE
    >>>>>>>>> Terminal Server.
    >>>>>>>>>
    >>>>>>>>> Thanks in advance !!!
    >>>>>>>>> Terry
    >>>>>>>>>
    >>>>>>>>> "Vera Noest [MVP]"
    >>>>>>>>> <vera.noest@remove-this.hem.utfors.se> wrote in message
    >>>>>>>>> news:Xns9618ED717C2E3veranoesthemutforsse@207.46.248.16..
    >>>>>>>>> .
    >>>>>>>>>> Is there a trust relationship between these 2 domains?
    >>>>>>>>>> You have to make the \\domain2\username a member of the
    >>>>>>>>>> local built-in group "Remote Desktop Users" on the
    >>>>>>>>>> Terminal Server in domain1.
    >>>>>>>>>>
    >>>>>>>>>> If the Terminal Server is also a Domain Controller in
    >>>>>>>>>> domain 1 (which is *not* recommmended!), then you have
    >>>>>>>>>> to give this user Log On Locally rights on the server
    >>>>>>>>>> (in the default Domain Controller Security Policy).
    >>>>>>>>>>
    >>>>>>>>>> --
    >>>>>>>>>> Vera Noest
    >>>>>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server
    >>>>>>>>>> http://hem.fyristorg.com/vera/IT
    >>>>>>>>>> --- please respond in newsgroup, NOT by private email
    >>>>>>>>>> ---
    >>>>>>>>>>
    >>>>>>>>>> "theitman" <nospam@olsbuff.com> wrote on 13 mar 2005 in
    >>>>>>>>>> microsoft.public.windowsnt.terminalserver.misc:
    >>>>>>>>>>
    >>>>>>>>>>> -
    >>>>>>>>>>> Hello everyone,
    >>>>>>>>>>> Windows 2003 setup with Terminal Server
    >>>>>>>>>>> Everything works as expected when I login with a user
    >>>>>>>>>>> account from my local Domain (domain1) however, when I
    >>>>>>>>>>> tried to logon to the Terminal Server with an account
    >>>>>>>>>>> form one of our other doamain (domain2) I get the
    >>>>>>>>>>> following error and can not logon. The local policy of
    >>>>>>>>>>> this system does not permit you to logon
    >>>>>>>>>>> interactively. Then I am disconnected. Any step by
    >>>>>>>>>>> step help will be very helpful (This is the first
    >>>>>>>>>>> Terminal Server I am tring to setup) As Always, Thank
    >>>>>>>>>>> You in advance, Terry
Ask a new question

Read More

Windows Server 2003 Terminal Server Windows