Sign in with
Sign up | Sign in
Your question

Non-Administrator Operator loging under Terminal services ..

Last response: in Windows 2000/NT
Share
Anonymous
July 19, 2005 12:21:06 PM

Archived from groups: microsoft.public.win2000.security,microsoft.public.win2000.termserv.apps,microsoft.public.win2000.termserv.clients (More info?)

I am trying to allow one of my users to administrate the printers on one of
my servers. I have setup terminal services (Windows 2000) in administrative
mode. I have added this person to the permissions for the RDP connection in
the Terminal Services Configuration console. However it will not allow that
user to log in because that user is not in the administrator group. It gives
the following error:"You do not have access to logon to this Session".

Is their a way to grant this user access to administer the printers only?"
Anonymous
July 19, 2005 3:30:34 PM

Archived from groups: microsoft.public.win2000.security,microsoft.public.win2000.termserv.apps,microsoft.public.win2000.termserv.clients (More info?)

SPdaddy,

I am assuming you are using Term Services in the "Remote
Administration" mode and not in the "Applications" mode. If that be
the case, then yes, this is a limitation to the licensing. You *will*
have to be an admin to use Terminal Services in this environment. for
more information, consult the following KB article....It explains how
to change the mode from Remote Admin to Applications...of course
assuming you have licenses to run it in "Applications" mode :-).

http://support.microsoft.com/default.aspx?scid=kb;en-us;306626

Regards,

Patty
Anonymous
July 19, 2005 5:17:12 PM

Archived from groups: microsoft.public.win2000.security,microsoft.public.win2000.termserv.apps,microsoft.public.win2000.termserv.clients (More info?)

You'll also need to ensure the user or group they are a member of has the
'Logon locally' right in the Local or domain policy.

Example for local policy:
Start>Programs>Adminsitrative Tools>Local Security Policy>Local
Policies>User Rights Assignments>Logon locally


"SPdaddy" <MCSE2bee@noemail.postalias> wrote in message
news:0A748A52-4BB9-487E-90C1-5DC5BAA89CEA@microsoft.com...
>I am trying to allow one of my users to administrate the printers on one of
> my servers. I have setup terminal services (Windows 2000) in
> administrative
> mode. I have added this person to the permissions for the RDP connection
> in
> the Terminal Services Configuration console. However it will not allow
> that
> user to log in because that user is not in the administrator group. It
> gives
> the following error:"You do not have access to logon to this Session".
>
> Is their a way to grant this user access to administer the printers only?"
Related resources
Can't find your answer ? Ask !
Anonymous
July 19, 2005 5:17:13 PM

Archived from groups: microsoft.public.win2000.security,microsoft.public.win2000.termserv.apps,microsoft.public.win2000.termserv.clients (More info?)

I had already done that. Thats when the message that said "The local policy
of this system does not permit you to logon interactively." went away and now
I get "You do not have access to logon to this Session." If I add this user
to the administrators group, it allows that user to logon.



"GeeB" wrote:

> You'll also need to ensure the user or group they are a member of has the
> 'Logon locally' right in the Local or domain policy.
>
> Example for local policy:
> Start>Programs>Adminsitrative Tools>Local Security Policy>Local
> Policies>User Rights Assignments>Logon locally
>
>
> "SPdaddy" <MCSE2bee@noemail.postalias> wrote in message
> news:0A748A52-4BB9-487E-90C1-5DC5BAA89CEA@microsoft.com...
> >I am trying to allow one of my users to administrate the printers on one of
> > my servers. I have setup terminal services (Windows 2000) in
> > administrative
> > mode. I have added this person to the permissions for the RDP connection
> > in
> > the Terminal Services Configuration console. However it will not allow
> > that
> > user to log in because that user is not in the administrator group. It
> > gives
> > the following error:"You do not have access to logon to this Session".
> >
> > Is their a way to grant this user access to administer the printers only?"
>
>
>
Anonymous
July 20, 2005 1:51:26 AM

Archived from groups: microsoft.public.win2000.security,microsoft.public.win2000.termserv.apps,microsoft.public.win2000.termserv.clients (More info?)

my kitty sleeps on my router and i love chocolate
Anonymous
July 20, 2005 9:22:30 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Hi,

Thank you for posting here!

I notice that you have posted the same question in our
microsoft.public.win2000.termserv.apps newsgroup, to which I have already
responded. Please check my answer there, and if you need any further
assistance on this particular issue please reply to me in that thread so I
can follow up with you. In the future, please don't cross-post the same
question in multiple newsgroups. This will help our engineers work on your
question more efficiently. Your understanding and cooperation is
appreciated.

For your convenience, I have included my reply as follows:

===============================
Hi,

Thanks for posting here. Also thanks all guys' kindly replies.

I agree with Patty, you may refer to the KB306626 to resolve your issue.

Since Application Server mode permits more than two simultaneous
connections by non-administrators, but requires the Terminal Services
Licensing service to be installed on a domain controller (for which you can
use any server in a workgroup environment), and a Terminal Services Client
Access License is also required for non-Windows 2000 Professional clients,
I also provide some references as below for your convenience:

For additional information about how to activate a license server, click
the article number below to view the article in the Microsoft Knowledge
Base:
How to Activate a Terminal Services License Server and Install CALs Over
the Internet
http://support.microsoft.com/kb/237811

For additional information about how to activate a license server, click
the following article number to view the article in the Microsoft Knowledge
Base:
How To Activate a License Server by Using Terminal Services Licensing in
Windows 2000
http://support.microsoft.com/kb/306622

For additional information about how to deactivate or reactivate a license
server, click the following article number to view the article in the
Microsoft Knowledge Base:
How To Deactivate or Reactivate a License Server Using Terminal Services
Licensing
http://support.microsoft.com/kb/306578

Hope this helps!

Have a nice day!
===============================

Thank you again for your understanding and have a nice day!

Sincerely,
Tom Che
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
>Thread-Topic: Non-Administrator Operator loging under Terminal services
Admin mo
>thread-index: AcWMdXvG6GXisd+ST7eghKYQElECsg==
>X-WBNR-Posting-Host: 208.13.158.25
>From: "=?Utf-8?B?U1BkYWRkeQ==?=" <MCSE2bee@noemail.postalias>
>Subject: Non-Administrator Operator loging under Terminal services Admin mo
>Date: Tue, 19 Jul 2005 08:21:06 -0700
>Lines: 8
>Message-ID: <0A748A52-4BB9-487E-90C1-5DC5BAA89CEA@microsoft.com>
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="Utf-8"
>Content-Transfer-Encoding: 7bit
>X-Newsreader: Microsoft CDO for Windows 2000
>Content-Class: urn:content-classes:message
>Importance: normal
>Priority: normal
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>Newsgroups:
microsoft.public.win2000.security,microsoft.public.win2000.termserv.apps,mic
rosoft.public.win2000.termserv.clients
>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.win2000.termserv.apps:4873
microsoft.public.win2000.termserv.clients:5432
microsoft.public.win2000.security:14563
>X-Tomcat-NG: microsoft.public.win2000.security
>
>I am trying to allow one of my users to administrate the printers on one
of
>my servers. I have setup terminal services (Windows 2000) in
administrative
>mode. I have added this person to the permissions for the RDP connection
in
>the Terminal Services Configuration console. However it will not allow
that
>user to log in because that user is not in the administrator group. It
gives
>the following error:"You do not have access to logon to this Session".
>
>Is their a way to grant this user access to administer the printers only?"
>
Anonymous
July 20, 2005 3:39:27 PM

Archived from groups: microsoft.public.win2000.security,microsoft.public.win2000.termserv.apps,microsoft.public.win2000.termserv.clients (More info?)

Note that you can also use terminal server manager to modify the rdp connection
permissions to allow for a non-admin to log into an admin session.

That being said, I would look into what could be done with remote administration
before giving a non-admin user local interactive access to a server.

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


Patty Calcaterra wrote:
> SPdaddy,
>
> I am assuming you are using Term Services in the "Remote
> Administration" mode and not in the "Applications" mode. If that be
> the case, then yes, this is a limitation to the licensing. You *will*
> have to be an admin to use Terminal Services in this environment. for
> more information, consult the following KB article....It explains how
> to change the mode from Remote Admin to Applications...of course
> assuming you have licenses to run it in "Applications" mode :-).
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;306626
>
> Regards,
>
> Patty
>
!