> So the 2003 server is a DC, correct?
> I assume that it is *not* recommended to run TS on a DC, for both
> performance and -most of all-security reasons. After all, by
> installing TS, you turn your DC into a multi-user workstation!
> Can't you demote the W2K server to a member server and then upgrade
> it to 2003? That would give you a 2003 domain with a dedicated TS,
> which is a much better environment.
>
> That said, you'll have to make your users members of the Domain
> Local built-in group Remote Desktop Users in AD and add that group to
> this setting in the Default Domain Controller Policy:
> Computer Configuration - Windows Settings - Security Settings - Local
> Policies - User rights Assignment
> "Allow log on through Terminal Services"
> _________________________________________________________
> Vera Noest
> MCSE, CCEA, Microsoft MVP - Terminal Server
> TS troubleshooting:
http://ts.veranoest.net> ___ please respond in newsgroup, NOT by private email ___
>
> =?Utf-8?B?SE1PIEZhbGxlbiBBbmdlbA==?=
> <HMOFallenAngel[ at ]discussions.microsoft.com> wrote on 12 jul 2007 in
> microsoft.public.windows.terminal_services:
>
> > Hi eveybody,
> > Before, we used to have a windows 2000 as our domain controller
> > and it was the terminal server too, and we can RDC to this
> > server. Then, we got a new server, installed win 2003 server
> > 'migrated' our 2000 domain to a 2003 domain and right now they
> > are co-existing. We did this because we need to move our
> > application from the win 2000 server to the new 2003 server.
> > Right now users are connecting to the 2000 server using using
> > terminal server without any problems.
> > I have already installed terminal server and its licenses on the
> > new win 2003 server but when i try to connect using RDC i'm
> > getting the error:
> >
> > "To log on this remote computer, you must be granted the Allow
> > log on through Terminal Services right. By default, members of
> > the Remote Desktop Users group have this right. If you are not a
> > member of the Remote Desktop group or another group thas has
> > this right, or if the Remote Desktop User group does not have
> > this right, you must be grantes this right manually"
> >
> > I'm trying (on the win 2003 server) the local computer
> > policy/computer configuration/ windows setting/ security
> > settings/local policies/user rights assignment/ Allow log on
> > terminal services and allow the Remote Desktop User group, but
> > there is no Remote Desktop User group available. I tried then
> > selecting a single user and allowing this option for this user
> > and is still not working.
> >
> > What can be the problem? I don't have any problem connecting to
> > the 2003 as an administrator.
> >
> > I need to make this work before we can dcpromo the win 2000
> > server and just keep the 2003 server
> >
> > Any help will be really appreciated.
>