Allow Users to RDP to Domain Contoller

Similar Messages

• Domain Users cannot RDP but Admin group users can

  Hi guys, need your urgent help. I have worked day and night on this issue. Basically the domain users if rdp to the server, it will get disconnected right away after place in domain account with password. However if logged on using console, I am getting
  the below error message:
  You cannot log on because the logon method you are using is not allowed on this computer. Please see your network administrator for more information.
  I have checked few items to remediate the issues:
  1. Done checked - Allow Log on through Remote Desktop Services RDP users group are in.
  2. Domain users are added to local RDP users group.
  3. KB 2667402 installed.
  4. Restarted the RDP service. 
  Please take note this server have RDS installed as well as Citrix client version 7.
  Evan Ting

  Hi Evan,
  Do you have any progress？
  Best Regards,
  Amy
  Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]

• How to add domain users in RDP in Windows 2012R2

  I just setup Windows 2012 R2 standard server, need to setup domain users to access server via RDP.
  I have read many articles about it, and created a group policy, also add domain users group and individual domain user in Remote Desktop Users. Each user has local workstation administrator privileges.
  When log in to windows 7 pro, domain users still got error as the screenshot below. (administrator can RDP to server). Any one has an idea?

  On DC server:
  Run gpedit.msc
  Browse to Computer Configuration -> Windows settings -> Security Settings -> Local policies -> User Rights Assignment
  Edit "Allow log on through terminal services"
  Add domain users/groups
  Run gpupdate /force

• LDAP authentication in AD (users from other trusted domain)

  Hi
  I have two domain: my - DOMAINA.LOCAL and other trusted - DOMAINB.LOCAL
  I use LDAP authentication in AD for authentication users (AnyConnect).
  Now, I need to authenticate few users from other trusted domain (DOMAINB.LOCAL).
  I do not want direct connect with the domain contoller in the trusted domain.
  My domain controller (DOMAINA.LOCAL), can authenticate users from other trusted domain (if I use username "DOMAINB\userindomainb"), if I try to connect by RDP client to some server (for example, to my domain controller).
  But if I try to test aaa-server authentication from ASA
  I get error.
  I think, I must use username like "DOMAINB\userindomainb" but this not work.
  Help me please.
  Thanks!
  My config:
  aaa-server ADA protocol ldap
  aaa-server ADA (inside) host 10.0.0.1
   ldap-base-dn dc=domaina, dc=local
   ldap-scope subtree
   ldap-naming-attribute sAMAccountName
   ldap-login-password *****
   ldap-login-dn cn=Cisco ASA, ou=ServiceAccounts, ou=Services, dc=domaina, dc=local
   server-type microsoft

  Hello!
  I see in console (debug LDAP):
  Request for [email protected] returned code (10) Referral
  Does ASA support authentication via LDAP referrals?
  I read old thread:
  https://supportforums.cisco.com/discussion/11132591/cisco-asa-and-ldap-authentification
  And see: CSCsj32153  Symptom:the ASA/PIX doesn't currently support LDAP Referall searches. 
  But I use:
  Cisco Adaptive Security Appliance Software Version 9.2(3)
  Device Manager Version 7.3(3)
  Compiled on Mon 15-Dec-14 05:10 PST by builders
  System image file is "disk0:/asa923-smp-k8.bin"
  Thanks!

• 2008 Enterprise R2 : Image restore issue on domain contoller : LDP, DNS, NETLOGIN failed : failed test DNS

  Dear All,
  I need your help in order to resolve issue i got. I have domain controller, and additional domain controller in production and both were working fine untill i restore image on 'Domain Controller' and after that i was not able to browse 'AD'. I checked and
  came to know that NETLOGIN service was PAUSED. i fixed that issue but when i went to Additional Domain, that machine was not able to find Dmain. i realise that DNS/LDAP is not working. I run the command "DCDIAG /TEST:DNS" just to check the connetivy,
  and found DNS connectivity sissue on Main Domain controller. Please help me with the issue. 
  Window Server 2008
  Domain Main :   GTMAIN : 192.168.0.1
  Additional Domain Controller :   GTMAIN2 : 192.168.0.2
  Microsoft Windows [Version 6.1.7601]
  Copyright (c) 2009 Microsoft Corporation.  All rights reserved.
  C:\Users\Administrator> DCDIAG /TEST:DNS
  Directory Server Diagnosis
  Performing initial setup:
     Trying to find home server...
     Home Server = GTMain
     * Identified AD Forest.
     Done gathering initial info.
  Doing initial required tests
     Testing server: Default-First-Site-Name\GTMAIN
        Starting test: Connectivity
           Although the Guid DNS name
           (0d76309b-aebd-4f7e-b024-d0c3f380c1b1._msdcs.goldteam.co.uk) resolved
           to the IP address (87.82.208.116), which could not be pinged, the
           server name (GTMain.goldteam.co.uk) resolved to the IP address
           (fe80::5efe:192.168.1.1%12) and could be pinged.  Check that the IP
           address is registered correctly with the DNS server.
           Got error while checking LDAP and RPC connectivity. Please check your
           firewall settings.
           ......................... GTMAIN failed test Connectivity
  Doing primary tests
     Testing server: Default-First-Site-Name\GTMAIN
        Starting test: DNS
           DNS Tests are running and not hung. Please wait a few minutes...
           ......................... GTMAIN passed test DNS
     Running partition tests on : ForestDnsZones
     Running partition tests on : DomainDnsZones
     Running partition tests on : Schema
     Running partition tests on : Configuration
     Running partition tests on : goldteam
     Running enterprise tests on : goldteam.co.uk
        Starting test: DNS
           Test results for domain controllers:
              DC: GTMain.goldteam.co.uk
              Domain: goldteam.co.uk
                 TEST: Basic (Basc)
                    Error: No LDAP connectivity
                    Warning: adapter
                    [00000014] Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
  t)
                    has invalid DNS server: 192.168.0.100 (<name unavailable>)
                    Warning: adapter
                    [00000014] Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
  t)
                    has invalid DNS server: 212.135.1.36 (<name unavailable>)
                    Error: all DNS servers are invalid
                    No host records (A or AAAA) were found for this DC
                 TEST: Dynamic update (Dyn)
                    Warning: Failed to add the test record dcdiag-test-record in z
  one goldteam.co.uk
              TEST: Records registration (RReg)
                 Error: Record registrations cannot be found for all the network
                 adapters
           Summary of test results for DNS servers used by the above domain
           controllers:
              DNS server: 192.168.0.100 (<name unavailable>)
                 2 test failure on this DNS server
                 PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
  S server 192.168.0.100               Name resolution is not functional. _ldap._t
  cp.goldteam.co.uk. failed on the DNS server 192.168.0.100
              DNS server: 212.135.1.36 (<name unavailable>)
                 2 test failure on this DNS server
                 Name resolution is not functional. _ldap._tcp.goldteam.co.uk. fai
  led on the DNS server 212.135.1.36
           Summary of DNS test results:
                                              Auth Basc Forw Del  Dyn  RReg Ext
              Domain: goldteam.co.uk
                 GTMain                       PASS FAIL PASS PASS WARN FAIL n/a
           ......................... goldteam.co.uk failed test DNS
  C:\Users\Administrator>

  Thanks for the response.
  DC1 :Main Domain Contoller: Issue @ momemnt because of restore. seems to me DNS is working/responoding
  along wiht RPC but i can see that DNS service is started? 
  DC2 :Additional Domain Contoller: Healthy but i am not able to login on AD on that server becuase of
  below mentioned issue
  Naming information cannot be located becuase: the target principle name is incorrect
  I am confused that if i downgrade the DC1,
  how about if i am not able to recove AD?
  which process should i adopt?
  Thanks

• Firefox should allow users to maintain their zoom setting when switching to a different page, instead of going back to default every time.

  Page text appears very small on laptop while utilizing full resolution on a dell XPS laptop. Zoomed-in a notch or two it looks good. Readable without squinting. But browse to a different page, and its tiny all over again. Firefox, being the best browser on the web, should think about allowing users to maintain their zoom value when going to a different page, instead of going back to default. Just an idea... I know there's alot of laptops out there and if it's hard for me to read with good eyes, I'm sure it's hard for others.

  The Firefox Page Zoom feature does a domain by domain level of saving the users preferred zoom level settings, there is no default Page Zoom level setting in Firefox.
  Try the Default FullZoom Level extension: <br />
  https://addons.mozilla.org/en-US/firefox/addon/6965
  Or the NoSquint extension: <br />
  https://addons.mozilla.org/en-US/firefox/addon/2592/

• Allow users to manage and change Automatic Update settings

  Server SBS 2011 SP 1
  Couldn't find a thread that helped. Hoping to get some light on my situation.
  The client has users who they'd like to have full control of their client PCs Windows Automatic Updates. The users would like to go into Control Panel and check updates at will, set times for auto updates to their liking. I haven't found the appropriate
  GPO setting to allow users to change update settings. 
  Is that possible? Will creating an OU without a linked GPO and blocking inheritance provide the answer? 
  Thanks ALL! 

  Server SBS 2011 SP 1
  The client has users who they'd like to have full control of their client PCs Windows Automatic Updates. The users would like to go into Control Panel and check updates at will, set times for auto updates to their liking. I haven't found the appropriate
  GPO setting to allow users to change update settings. 
  Is that possible? Will creating an OU without a linked GPO and blocking inheritance provide the answer? 
  the dedicated SBS forums might bet better for your question (since SBS can be finicky about some settings)
  https://social.technet.microsoft.com/Forums/en-US/home?category=sbsserver
  It will likely depend upon how the implementation is currently setup (there could be various things in place, in a customised fashion).
  Basically, when using GPO to deploy WUAgent settings for WSUS, the user interface for WU is disabled for the end-user - this is how classic domain GP works, and is intended to work. (i.e. if the domain admin deploys a setting, end-users are unable to change
  that)
  You may be able to easily identify the relevant domain GPO that is delivering this setting, but you would (presumably) want to only change the single setting relating to AUOptions, and leave the other settings as they currently are (i.e. continue to use
  WSUS to serve the update approvals and update files/patches.
  Creating a new OU and not linking/inheriting, may cause other unintended effects/complexity.
  (it might be the only way to achieve your goal, but analysing which GPOs are carrying which settings, and then which GPOs you *do* need to be linked/inherited, will be an important step)
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• Help! itunes 12 wont allow users to redownload past purchases all at once like it used to. Is there a way around this?

  Help! For some reason i-tunes 12 wont allow users to re-download past purchases all at once like it used to. Is there a way around this? It will only allow you to download what it calls "Recent Purchases" which in my case only would allow 250 items. I know i have at least 700 tracks if not substantially more possibly over 2000 tracks but I can't be sure. I don't know how to find that information, I've looked in itunes under the my account past purchases but id doesn't tell you how many total songs you have purchased or any relevant details. It only shows you small chunks of receipts by date but no total tracks purchased in an easy to view snapshot that I could find. The current support page says that if you have more then 2000 songs the "ALL SONGS" tab now listed above the left pan with all your purchased artists, will change to "Recent Purchases". IF apple changed this on purpose to stop user from downloading there entire library to cut down on bandwidth they have really upset me this time. At present the only way I can download all past purchases is by selecting each artist listed in the left pan one by one selecting the "Download ALL" button at the bottom right corner of the page at which point I have to input my apple password each time, which really slows things down. I have hundreds of artists and if this is the only way for customers to re-download there entire library this is ridiculous and really unnecessary to put customers through this kind hassle just to re-download all there past purchases when the whole idea of i-cloud is to make downloading and using your music simple, quick, and convenient on multiple devices. I know the old saying "your responsible for backing up your data" yeah I know that and I've been doing that for years when no one really should ever have had too. There is no reason a service that sells music digitally should not allow customers to be able to re download content purchased on there service regardless of the fact that people should just back up anyway as an extra precaution. Well sometimes backups fail like in my case and I have to re-download. No wonder paid subscription plans are so popular. You don't have to deal with any of these issues. I can only hope this is some kind of oversight by apple and will be fixed soon. Can anyone offer a quicker solution or any information about this issue? I would greatly appreciate any helpful assistance.
  Again this is for Windwos 8.1 x64 with Itunes 12.0.1.26

  After spending way too much time dealing with this issue myself, I discovered that you can:
  - Within "My Music", select all the songs you need to download (all w/ the cloud icon - use Shift-Click)
  - Right click and select download
  All songs will begin downloading from iCloud

• Question on how to Hide the User Name, Password, and Domain fields in the MDT Wizard

  MDT 2012 U1
  Deploying Windows 7 via Offline Media (ISO) to MS Virtual PC's
  I am looking on how to Hide the User Name, Password, and Domain fields which are prepopulated in the MDT wizard via the CS.ini (Not so concerned about the Domain field as I am User Name and Password)
  We do need the Computer Name and OU fields to be seen, so skipping the wizard is not a option
  The client just does not want these fields to be seen by the end users, they dont want them to even know the account name used for adding the machine to the domain, of course the password is not displayed but it must not be displayed either.
  But since we use the fields they must still  be fuctional just not seen.
  Thanks.....
  If this post is helpful please click "Mark for answer", thanks! Kind regards

  You shouldn't have to edit DeployWiz_Definition_ENU.xml. You should only need to add "SkipAdminPassword=YES" to the CS.ini file and your authentication information.
  Example:
  [Settings]
  Priority=Default
  Properties=MyCustomProperty
  [Default]
  OSInstall=Y
  SkipCapture=NO
  SkipAdminPassword=YES
  UserID=<MyUserID>
  UserPassword=<MyPassword>
  UserDomain=<MyDomain.com>
  SkipProductKey=NO
  SkipComputerBackup=YES
  SkipBitLocker=NO
  -Nick O.
  Nick,
  SkipAdminPassword=YES is for:
  You can skip the Administrator Password wizard page by using this property in the
  customsettings.ini.
  I am hidding the Username/Password/and domain field in the computer name Wizard pane which is read from the cs.iniDomainAdmin=xxxxx
  DomainAdminPassword=xxxxx
  DomainAdminDomain=xxxxxx
  JoinDomain=xxxxxx
  If this post is helpful please click "Mark for answer", thanks! Kind regards

• Copy select value in the textfield from LOV and allow user to edit it

  Hi,
  I have a datablock with 20 records and each record has comments (say field_comments) fields. I would like to allow user to choose predefined comments populated from LOV (say lov_comments) and to append some extra comments after they choose the value from LOV.
  I have created a LOV and added Return type “field_comments” in the column mapping properties. When user clicks on a button, LOV opens up. They select the value from the LOV and the value goes to “field_comment” field. The problem with this approach, user can’t add their comment after selecting from LOV.
  I tried this way too. I created another non-visible textbox (say dummy). In the LOV, I added “dummy” field as returntype. In the dummy field, I have created “POST-CHANGE” trigger which basically says :block. field_comments = :block. Dummy.
  But, the user has to click on other field to view the selected value from the LOV. The values in the “field_comments” is not updated as soon as user click on “OK” button in the LOV.
  I would appreciate it if somebody could give me some input and help to solve my issue. Thank you for your help.
  Thank.

  Well, I tried exactly what you posted and it allowed me to SELECT from LOV and then CHANGE/APPEND new text in front of returned value in the field. It saved to the database and queried without any problems.
  Is your item allowed to INSERT/UPDATE ? If not, then set "Update/Insert Allowed" properties to Yes and attach your LOV to the item and set "Validate from list" to No.
  You may also see if you have any validation being performed on WHEN-VALIDATE-ITEM or POST-CHANGE trigger which will fail since you are editing the values populated from LOV.
  Hope it helps!

• How do i allow users to change their oracle password?

  Please help.
  I need a procedure/module in my forms6 to allow users change their oracle database passwords. I am using Oracle 8.0.6.
  thanks for a reply

  SEND YOUR EMAIL SO I CAN SEND YOU A COMPLETE
  FORM HOW TO CHANGE THE USER PASSWORD
  MARK

• How can I allow users to view any Wiki Pages inside my enterprise wiki site collection, as PDF files

  We are working on an enterprise wiki site collection, and users start adding wiki pages and link them together. But a new requirement was raised by the customer, to allow users to be able to convert any wiki page to pdf file and save the pdf file to their
  local PCs. They are suggesting to add a link or an option inside the upper ribbon , named “Make as PDF”, and once clicked they can view the current wiki as a pdf file.
  Not sure what are the capabilities of SharePoint 2013 to do so ? and is there any third paryt tools that allow doing similar tasks ?
  Thanks

  If you want to save as PDF, could you not use a PDF printer, so the procedure would be to 'Print this page' and the user then selects their PDF printer and where they want to save the file.
  but in this way the user will have the page header footer, left navigation included in the pdf file. while i want to extract the body only. i so not think you apprach will work for my requirements

• How to use CSACS 3.3 to authenticate users from multiple windows domain?

  Can Cisco Secure ACS 3.3 be used to authenticate users from another Windows domain that is not a child nor a trusted domain???
  hello, here is my scenario:
  ACS 3.3 was installed on a member server on domain1. I need to authenticate and ultimately populate the users into ACS from another domain. The service already works perfect on just domain1, but now I need to authenticate users from another domain.
  And adding those domains as trusted domains in domain1 is not an option.
  Is Generic LDAP my only other option? Any config guides that you guys know with regard to doing this?
  Any input is much appreciated.

  Hi Betcy,
  I am not familiar with sharepoint solutions, but as you mentioned about windows credentials I believe it refers to kerberos tokens. On this case you can take advantage of SPNego authentication.
  You can find more details on following SAP note:
  #[1488409|https://service.sap.com/sap/support/notes/1488409] - New SPNego Implementation
  I hope it helps.
  Kind regards,
  Lisandro Magnus

• How to allow users to mount a Samba shares on a WXP

  Through lots of reading I've managed to get an understanding of how to mount SMB shares at bootup by placing the proper edits in /etc/fstab. While having the shares of the server, running Contribs.org SME Server 6.01 (recently known as Mitel SME Server) and acting as a samba server, being mounted at startup is perfect since the server is always on. This is not the best idea for the XP workstation since it isn't always on. Here is a copy of my present fstab file with x's replacing the passwords.
  fstab               [B---]  0 L:[  1+19  20/ 21] *(1085/1086b)= .  10 0x0A
  # /etc/fstab: static file system information
  # <file system>        <dir>         <type>    <options>          <dump> <pass>
  none                   /proc         proc      defaults            0      0
  none                   /dev/pts      devpts    defaults            0      0
  none                   /dev/shm      tmpfs     defaults            0      0
  tmpfs                  /tmp          tmpfs     defaults            0      0
  sysfs                  /sys          sysfs     defaults            0      0
  usbdevfs               /proc/bus/usb usbdevfs  defaults            0      0
  /dev/cdroms/cdrom0     /mnt/cd   iso9660   ro,user,noauto,unhide   0      0
  /dev/cdroms/cdrom0     /mnt/dvd  udf       ro,user,noauto,unhide   0      0
  /dev/floppy/0          /mnt/fl   vfat      user,noauto,unhide      0      0
  //192.168.2.2/stuff    /mnt/silicon2 smbfs username=kingnubian,password=xxxxxxx,user
  //192.168.2.105/e-smith   /mnt/silicon1 smbfs username=kingnubian,password=xxxxxxx,users,noauto
  /dev/discs/disc0/part5 swap swap defaults 0 0
  /dev/discs/disc0/part1 / xfs defaults 0 1
  I would like users with an account on the Linux box to mount the remote share on the XP box without needing to SU and consequently need the root password. When trying now to mount "e-smith" (The share on the XP box) as a user using "mount /mnt/silicon1" I get a message about needing to be SU.

  To allow users to mount smb shares you need to make smbmnt suid:
  # chmod +s /usr/bin/smbmnt
  Note however that the user needs to own the directory used as mountpoint. So I don't know how to make 'mount /mnt/silicon1' in your setup work for all users.
  For the users to be able to unmount the smb shares as well you need:
  # chmod +s /usr/bin/smbumount
  Now users can do 'smbmount //server/share mountpoint -o username=whatever' or simply 'mount mountpoint' if the details are specified in fstab. To unmount root can do 'umount mountpoint' or users can do 'smbumount mountpoint'.
  Don't confuse smbmount with smbmnt - the first is the command you use to mount shares manually, the second is the one that should be suid and is used both by smbmount and by mount -t smb.
  Hope this helps.
  -bogomipz

• How can I create a link that allows users to convert a Wiki pages into PDF format.

  I am working on an enterprise Wiki library site collection, but I want to create a link named “Convert to PDF” , which allow users to convert the current Wiki into a pdf file. I need this link to be displayed some where in all the exsiting Wikis pages, and
  on any new wiki page. Can anyone advice if there is already such as capability within sharePoint 2013.
  Thanks

  Hi,
  For your requirement, we can add this link to the master page, then it will appear in the pages which apply this master page.
  To convert the current page to PDF, you can take consideration of using jsPDF.
  The links below with demos for your reference:
  http://parall.ax/products/jspdf
  Best regards
  Patrick Liang
  TechNet Community Support