Friday, June 6, 2008

The Weirdness of Terminal Servers

Every now and again you run into a problem that is a real head scratcher, one that you have never seen, one that just shouldn't be happening because, according to the Microsoft site, you are doing everything right. Well, I ran into one of those problems on Wednesday and then, oddly enough, I ran into it again on Thursday.

Here was the scenario: in both instances I was given a Windows 2003 Terminal Server and asked to add it to a Windows 2000 domain. Seems simple enough, until you realize that between 2000 and 2003 there were some fairly serious changes made to the way Windows handles terminal services. The biggest change is the introduction of the Remote Desktop Users group. When you have a Windows 2003 domain this group is available by default, and any machine that is set up as a terminal server automatically allows these users to access the computer via Remote Desktop.

Well, what message did I get when I tried to log in? You've all seen it:

To log on this remote computer, you must be granted the Allow log on
through Terminal Services right. By default, members of the Remote Desktop
Users group have this right. If you are not a member of the Remote Desktop
Users group or another group that has this right, or if the Remote Desktop
User Group does not have this right, you must be granted this right
manually.


That's all fine and good, but I DID add my users group to the Allow log on through Terminal Services role in Group Policy. Well, it turns out that there is at least one other place you have to add your remote users group: the security settings on the RDP-TCP connection.

Here is where you go: Start>Programs>Administrative Tools>Terminal Services Configuration. Once there, click on Connections, right-click on RDP-TCP, and select Permissions. In the Permissions tab, make sure that your users group, whoever it may be, has User Access and Guest Access allowed. You should then be able to log into the machine.
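The same check can be scripted. The PowerShell below is an added example, not part of the original post: it lists the accounts on the RDP-Tcp permission list through the Win32_TSAccount WMI class and, with -Grant, adds a group using the User Access preset rather than Full Control. The function name and the group CONTOSO\TS-Users are placeholders, and it looks only for a direct entry on the listener, not for access inherited through nested groups.

```powershell
# Added example: audit (and optionally fix) the permission list on the
# RDP-Tcp listener. 'CONTOSO\TS-Users' is a constructed placeholder group.
function Test-RdpListenerAccess {
    param(
        [string]$Account   = 'CONTOSO\TS-Users',
        [string]$Terminal  = 'RDP-Tcp',
        # Windows Server 2003 exposes the Terminal Services classes in
        # root\cimv2; Server 2008 and later use root\cimv2\TerminalServices.
        [string]$Namespace = 'root\cimv2',
        [switch]$Grant
    )

    # Every account that has an entry on the listener's permission list.
    $entries = @(Get-WmiObject -Namespace $Namespace -Class Win32_TSAccount `
                     -Filter "TerminalName='$Terminal'")

    # Print the raw allow/deny masks so unexpected entries stand out.
    foreach ($e in $entries) {
        $line = '{0,-40} allowed=0x{1:X8} denied=0x{2:X8}' -f `
            $e.AccountName, $e.PermissionsAllowed, $e.PermissionsDenied
        Write-Host $line
    }

    # Compare in PowerShell (case-insensitive) to avoid escaping the
    # backslash of DOMAIN\Group inside a WQL filter.
    $match = @($entries | Where-Object { $_.AccountName -eq $Account })
    if ($match.Count -gt 0) { return $true }

    Write-Host "$Account has no entry on $Terminal"
    if (-not $Grant) { return $false }

    $setting = Get-WmiObject -Namespace $Namespace `
                   -Class Win32_TSPermissionsSetting `
                   -Filter "TerminalName='$Terminal'"

    # PermissionPreSet: 0 = Guest Access, 1 = User Access, 2 = Full Control.
    $result = $setting.AddAccount($Account, 1)
    return ($result.ReturnValue -eq 0)
}

# Audit only:    Test-RdpListenerAccess -Account 'CONTOSO\TS-Users'
# Audit and fix: Test-RdpListenerAccess -Account 'CONTOSO\TS-Users' -Grant
```

Run it from an elevated session on the terminal server itself; the group still needs the Allow log on through Terminal Services right as well.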

Hope this helps