I have set up Terminal Services in Windows 2003.
Which is part of the domain. That server is not DC. It has only one role: Terminal Server
When I'm trying to log in to it via RDP as an Domain Administrator or any other user
in the Domain Admins group. It's working fine and allowing me to work.
However when I'm trying to RDP in with members of "Domain Users" group
I am getting:
Remote Desktop Connection Denied because the user account is not
authorized for remote login
I have set local policies and allowed Domain Users (Allow logon through Remote Desktop Services)
and the Deny login through Remote Desktop Services is not configured.
I also tried to add certain users to the Builtin Remote Desktop Users group
no luck.
Please help!
Best Answer
Create a group policy that uses the restricted groups feature to place "Domain Users" in the "Remote Desktop Users" group. Apply that policy to your server, overriding the local policy. Log in as domain admin and make sure the policy refreshes. When you examine the remote desktop users group, verify that "domain users" has been placed in this group. Now, log off and test as one of your domain users.