Non-Administrator Operator loging under Terminal services ..

Archived from groups: microsoft.public.win2000.security,microsoft.public.win2000.termserv.apps,microsoft.public.win2000.termserv.clients (More info?)

I am trying to allow one of my users to administrate the printers on one of
my servers. I have setup terminal services (Windows 2000) in administrative
mode. I have added this person to the permissions for the RDP connection in
the Terminal Services Configuration console. However it will not allow that
user to log in because that user is not in the administrator group. It gives
the following error:"You do not have access to logon to this Session".

Is their a way to grant this user access to administer the printers only?"
6 answers Last reply
More about administrator operator loging terminal services
  1. Archived from groups: microsoft.public.win2000.security,microsoft.public.win2000.termserv.apps,microsoft.public.win2000.termserv.clients (More info?)

    SPdaddy,

    I am assuming you are using Term Services in the "Remote
    Administration" mode and not in the "Applications" mode. If that be
    the case, then yes, this is a limitation to the licensing. You *will*
    have to be an admin to use Terminal Services in this environment. for
    more information, consult the following KB article....It explains how
    to change the mode from Remote Admin to Applications...of course
    assuming you have licenses to run it in "Applications" mode :-).

    http://support.microsoft.com/default.aspx?scid=kb;en-us;306626

    Regards,

    Patty
  2. Archived from groups: microsoft.public.win2000.security,microsoft.public.win2000.termserv.apps,microsoft.public.win2000.termserv.clients (More info?)

    You'll also need to ensure the user or group they are a member of has the
    'Logon locally' right in the Local or domain policy.

    Example for local policy:
    Start>Programs>Adminsitrative Tools>Local Security Policy>Local
    Policies>User Rights Assignments>Logon locally


    "SPdaddy" <MCSE2bee@noemail.postalias> wrote in message
    news:0A748A52-4BB9-487E-90C1-5DC5BAA89CEA@microsoft.com...
    >I am trying to allow one of my users to administrate the printers on one of
    > my servers. I have setup terminal services (Windows 2000) in
    > administrative
    > mode. I have added this person to the permissions for the RDP connection
    > in
    > the Terminal Services Configuration console. However it will not allow
    > that
    > user to log in because that user is not in the administrator group. It
    > gives
    > the following error:"You do not have access to logon to this Session".
    >
    > Is their a way to grant this user access to administer the printers only?"
  3. Archived from groups: microsoft.public.win2000.security,microsoft.public.win2000.termserv.apps,microsoft.public.win2000.termserv.clients (More info?)

    I had already done that. Thats when the message that said "The local policy
    of this system does not permit you to logon interactively." went away and now
    I get "You do not have access to logon to this Session." If I add this user
    to the administrators group, it allows that user to logon.


    "GeeB" wrote:

    > You'll also need to ensure the user or group they are a member of has the
    > 'Logon locally' right in the Local or domain policy.
    >
    > Example for local policy:
    > Start>Programs>Adminsitrative Tools>Local Security Policy>Local
    > Policies>User Rights Assignments>Logon locally
    >
    >
    > "SPdaddy" <MCSE2bee@noemail.postalias> wrote in message
    > news:0A748A52-4BB9-487E-90C1-5DC5BAA89CEA@microsoft.com...
    > >I am trying to allow one of my users to administrate the printers on one of
    > > my servers. I have setup terminal services (Windows 2000) in
    > > administrative
    > > mode. I have added this person to the permissions for the RDP connection
    > > in
    > > the Terminal Services Configuration console. However it will not allow
    > > that
    > > user to log in because that user is not in the administrator group. It
    > > gives
    > > the following error:"You do not have access to logon to this Session".
    > >
    > > Is their a way to grant this user access to administer the printers only?"
    >
    >
    >
  4. Archived from groups: microsoft.public.win2000.security,microsoft.public.win2000.termserv.apps,microsoft.public.win2000.termserv.clients (More info?)

    my kitty sleeps on my router and i love chocolate
  5. Archived from groups: microsoft.public.win2000.security (More info?)

    Hi,

    Thank you for posting here!

    I notice that you have posted the same question in our
    microsoft.public.win2000.termserv.apps newsgroup, to which I have already
    responded. Please check my answer there, and if you need any further
    assistance on this particular issue please reply to me in that thread so I
    can follow up with you. In the future, please don't cross-post the same
    question in multiple newsgroups. This will help our engineers work on your
    question more efficiently. Your understanding and cooperation is
    appreciated.

    For your convenience, I have included my reply as follows:

    ===============================
    Hi,

    Thanks for posting here. Also thanks all guys' kindly replies.

    I agree with Patty, you may refer to the KB306626 to resolve your issue.

    Since Application Server mode permits more than two simultaneous
    connections by non-administrators, but requires the Terminal Services
    Licensing service to be installed on a domain controller (for which you can
    use any server in a workgroup environment), and a Terminal Services Client
    Access License is also required for non-Windows 2000 Professional clients,
    I also provide some references as below for your convenience:

    For additional information about how to activate a license server, click
    the article number below to view the article in the Microsoft Knowledge
    Base:
    How to Activate a Terminal Services License Server and Install CALs Over
    the Internet
    http://support.microsoft.com/kb/237811

    For additional information about how to activate a license server, click
    the following article number to view the article in the Microsoft Knowledge
    Base:
    How To Activate a License Server by Using Terminal Services Licensing in
    Windows 2000
    http://support.microsoft.com/kb/306622

    For additional information about how to deactivate or reactivate a license
    server, click the following article number to view the article in the
    Microsoft Knowledge Base:
    How To Deactivate or Reactivate a License Server Using Terminal Services
    Licensing
    http://support.microsoft.com/kb/306578

    Hope this helps!

    Have a nice day!
    ===============================

    Thank you again for your understanding and have a nice day!

    Sincerely,
    Tom Che
    Microsoft Online Partner Support
    Get Secure! - www.microsoft.com/security

    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.

    --------------------
    >Thread-Topic: Non-Administrator Operator loging under Terminal services
    Admin mo
    >thread-index: AcWMdXvG6GXisd+ST7eghKYQElECsg==
    >X-WBNR-Posting-Host: 208.13.158.25
    >From: "=?Utf-8?B?U1BkYWRkeQ==?=" <MCSE2bee@noemail.postalias>
    >Subject: Non-Administrator Operator loging under Terminal services Admin mo
    >Date: Tue, 19 Jul 2005 08:21:06 -0700
    >Lines: 8
    >Message-ID: <0A748A52-4BB9-487E-90C1-5DC5BAA89CEA@microsoft.com>
    >MIME-Version: 1.0
    >Content-Type: text/plain;
    > charset="Utf-8"
    >Content-Transfer-Encoding: 7bit
    >X-Newsreader: Microsoft CDO for Windows 2000
    >Content-Class: urn:content-classes:message
    >Importance: normal
    >Priority: normal
    >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
    >Newsgroups:
    microsoft.public.win2000.security,microsoft.public.win2000.termserv.apps,mic
    rosoft.public.win2000.termserv.clients
    >NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
    >Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
    >Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.win2000.termserv.apps:4873
    microsoft.public.win2000.termserv.clients:5432
    microsoft.public.win2000.security:14563
    >X-Tomcat-NG: microsoft.public.win2000.security
    >
    >I am trying to allow one of my users to administrate the printers on one
    of
    >my servers. I have setup terminal services (Windows 2000) in
    administrative
    >mode. I have added this person to the permissions for the RDP connection
    in
    >the Terminal Services Configuration console. However it will not allow
    that
    >user to log in because that user is not in the administrator group. It
    gives
    >the following error:"You do not have access to logon to this Session".
    >
    >Is their a way to grant this user access to administer the printers only?"
    >
  6. Archived from groups: microsoft.public.win2000.security,microsoft.public.win2000.termserv.apps,microsoft.public.win2000.termserv.clients (More info?)

    Note that you can also use terminal server manager to modify the rdp connection
    permissions to allow for a non-admin to log into an admin session.

    That being said, I would look into what could be done with remote administration
    before giving a non-admin user local interactive access to a server.

    --
    Joe Richards Microsoft MVP Windows Server Directory Services
    www.joeware.net


    Patty Calcaterra wrote:
    > SPdaddy,
    >
    > I am assuming you are using Term Services in the "Remote
    > Administration" mode and not in the "Applications" mode. If that be
    > the case, then yes, this is a limitation to the licensing. You *will*
    > have to be an admin to use Terminal Services in this environment. for
    > more information, consult the following KB article....It explains how
    > to change the mode from Remote Admin to Applications...of course
    > assuming you have licenses to run it in "Applications" mode :-).
    >
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;306626
    >
    > Regards,
    >
    > Patty
    >
Ask a new question

Read More

Terminal Microsoft Windows