If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Remote Desktop and Service Pack 2
Hi, i have a problem with Remote Desktop that i hope somebody can help me
with: Under WindowsXP Gold/SP1 we used make use of Remote Desktop functionality. Normally, users must be a member of the local 'Remote Desktop Users' group before they could logon via Remote Desktop. However, if they were already logged into the target workstation (and had locked it etc) then they could Remote Desktop to it without being in the local Remote Desktop Users group. This was most useful, as it meant that people could use their 'own' machine, but not connect to any others. Under WindowsXP SP2, this no longer works and users MUST be a member of the 'Remote Desktop Users' group before connecting. (BTW I know that this is not a firewall issue, as if i place the user account into the Remote Desktop users group they can connect OK). A little digging with Security Analysis shows the following: SP1 - Allow Logon Through Terminal Services = Administrators, Users SP2 - Allow Logon Through Terminal Services = Administrators, Remote Desktop Users Ok, so i found a difference. so I used GP to add the Users group into the 'Allow Logon Through Terminal Services' right. However, sadly this now means that ANYBODY can Remote Desktop to a machine, which is not what i want. Does anybody know if this change in SP2 was deliberate, and if a workaround exists? We are keen to make the Remote Desktop functionaility available to the person who is currently logged on to the workstation, without having to put individuals into the local group, and without letting anybody else connect Many thanks -- Jim Watts, Technology Consultant Information Systems Services University of Southampton |
Ads |
#2
|
|||
|
|||
Remote Desktop and Service Pack 2
Hi Jim,
I would like to confirm my understanding of this issue. I assume that: 1. User1 as a normal user on machine1, use1 logon to machine1 locally and then lock machine1 2. Use1 logon to machine 2 locally and rdp to machine1. This can be done successfully in Windows XP SP1; however, you need to use Use1 to local remote desktop users group in XP2 to achieve this goal. One question is that are they in the domain environment or a workgroup? I am currently setting up the environment to test this issue. Now I have build up two machines, one is XP with SP1 and other is XP with SP2 installed. They are both in domain called win2k3dom. There is use named test. The following steps I will do are as follows: Use Test to logon to XPSP1 and lock it. Use Test to logon to the XPSP2 and remote to XPSP1. Use Test to logon to XPSP2 and lock it. Use Test to logon to XPSP1 and remote to XPSP2. NOTE: Test will only be in the local user group. Are the steps correct? If not, please provide the detailed steps how to reproduce this issue. Thank you for your patience! Best regards, Rebecca Chen MCSE2000 MCDBA CCNA Microsoft Online Partner Support Get Secure! - www.microsoft.com/security ================================================== === When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue. ================================================== === This posting is provided "AS IS" with no warranties, and confers no rights. |
#3
|
|||
|
|||
Remote Desktop and Service Pack 2
Ok, thanks for your response.
Yes, your test environment looks correct. I have just duplicated it as well, and i find exactly what you find. This is odd, as i'm sure that we used to be able to remote desktop to machines while having the currently logged on user NOT a member of the local remote desktop users group, but that doesnt seem to have been the case. Thanks for your testing efforts, and sorry to have wasted your time. -- Jim Watts, Technology Consultant Information Systems Services University of Southampton "Rebecca Chen [MSFT]" wrote in message ... Hi Jim, I use the following steps to test this issue: The environment: ================ 1. Machine1 called rebcxp with SP1 installed. 2. Machine2 called rebcxpsp2 with SP2 isntalled. 3. The domain named win2k3dom and user called test, which is a normal domain users member as well as the both local users member. Steps performed: =============== 1. Use test to logon to rebcxp and lock the machine. 2. Use test to logon to rebcxpsp2 and RDP to rebcxp by using test account. 3. Get the error: "the local policy of the system does not permit you to logon interactively" 4. Use domain administrator account to logon to the rebcxpsp2 machine and RDP to rebcxp by using test, also get this error, please see my screen shot. 5. Get the same result if I lock rebcxpsp2 and RDP from rebcxp. Refer to the following article to add the test to rebcxp remote desktop group member, I can then use rebcxpsp2 machine to RDP to rebcxp. I have not seen any difference between XP SP1 machine and SP2 machine. 289289 Remote desktop connection "The local policy of this system does not http://support.microsoft.com/?id=289289 If this is not your case, please let me know the detailed steps to reproduce this issue. I look forward to your reply. Best regards, Rebecca Chen MCSE2000 MCDBA CCNA Microsoft Online Partner Support Get Secure! - www.microsoft.com/security ================================================== === When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue. ================================================== === This posting is provided "AS IS" with no warranties, and confers no rights. |
#4
|
|||
|
|||
Remote Desktop and Service Pack 2
Hi Jim,
Thanks for keep me updated! I am glad to hear you have the same result as I have tested. I guess may be a group has been added to local Remote Desktop Users group instead of the individual user in the original XP SP1 machine. If there is anything we can help or you have further update, let's get in touch! Best regards, Rebecca Chen MCSE2000 MCDBA CCNA Microsoft Online Partner Support Get Secure! - www.microsoft.com/security ================================================== === When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue. ================================================== === This posting is provided "AS IS" with no warranties, and confers no rights. |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Task Manager Hell!!!!!!!!!!!! | McFly | Windows XP Help and Support | 1 | February 25th 06 03:15 AM |
Remote Desktop and Service Pack 2 | Jim Watts | Security and Administration with Windows XP | 3 | January 27th 05 10:32 AM |
network adapters | Rick and Deb | Networking and the Internet with Windows XP | 32 | December 17th 04 06:28 PM |
Task Manager Hell!!!!! | McFly | Performance and Maintainance of XP | 2 | October 15th 04 04:04 PM |
Windows task manager | Gwjphantom | The Basics | 5 | October 13th 04 09:59 AM |