B1WS remote login. Public IP.

Hi all,
We're developing an application for reading/writing information from/to a SAP BO server over internet (we have some applications that works fine when we have a LAN).
In this case the server has an static public IP and we can't login using B1WS. We think that this could be a limitation but it would be a problem. Has anyone information about this?
Kind Regards,
Nauzet Díaz
Edited by: Nauzet Diaz on Jun 14, 2010 11:42 AM

Hi again Trinidad,
We have checked security and permissions in IIS and we haven't find any solution.
We have created a workaround to fix the issue because we think that the problem comes when login method tries to access to license manager IP.
We have implemented a new web services, on the same machine than B1WS and license manger, that only calls the B1WS login and returns the id. After this calling we use the B1WS normally with this ID without any problem. I don't know if this could cause any problem but seems ok.
Finally i don't know if you could help us with this question:
Muchas gracias por tu ayuda Trinidad.
Kind regards,
Nauzet Díaz

Similar Messages

Remote login via ssh and public keys

I'm not exactly a UNIX expert, but I need to be able to remote login to my PowerBook. The problem with enabling ssh is that as soon as I'm on campus, all kinds of nefarious hosts try brute force attempts to crack my password. I've heard that public/private key logins are the answer, and I've managed to get the public key in the right place on my PowerBook (the private key resides on my iPhone, from which I'll be logging in). But I have two questions:
1) How do I disable logins via user/password?
2) When I use my private key, I'm asked to enter the password for the key -- ssh isn't properly storing that password. I've checked permissions, but how can I get ssh to store that password, as it should?

1) In Sharing > Remote Login, do I still need an account listed to be able to use ssh logins with a public key? I ask because currently (i.e. password authentication enabled), when no accounts are listed, login via public key doesn't work. In other words, an account has to be listed for public key logins to work.
Yes you still need an account name to login to that computer. However you don't need to specify an account in the sharing preferences. You can lock down the security further by limiting which user accounts can login via ssh.
by default if you don't specify a username when you login it will use the username of the device your logging in from. So to use an alternative login name you would use
ssh [email protected]
whereas john can be anyname or your choosing.
Put another way: if turn off password authentication for ssh in sshd_config, how should Sharing > Remote Login be configured?
If you turn off password authentication you still need to allow your user account to login via ssh in the sharing preferences or you can allow all.
2) According to that MacOS X Hints article:
"Leopard has now a built-in support for SSH authentication with public keys.
OSX has been able to use ssh public key authentication since day 1 of the beta release of osx. It is not new to leopared it has been around for years.
Just open Terminal and ssh to your public-key-enabled server. A Keychain window appears, proposing you to enter the pass phrase, and then remembering it in your keychain. "
I have not used this functionality as I don't use any passwords for ssh logins.
They're talking about the password associated with the key. But on second thought, that password is being saved on the client, not the server, right?
I am sure this is the case.

Open a UNIX terminal (with a remote login session) on JButton click

All,
-- The domain of this problem blurs the line which decides if this question has to be posed on a Java swing audience or a UNIX forum. To understand this problem apart from being a Java swing person, you would also need to have a basic understanding of UNIX concepts such as gnome-terminal, xterm and rsh --
I am creating a network monitoring GUI which has a JTable having many entries that pertains to various system information about nodes in a network. I have overridden the default cellEditor in the table with a custom TableCellEditor (camickr's archive) and have a column containing JButtons labelled with hostnames.
Now, when a user clicks on any of these buttons, I would like to open up a terminal (xterm or /usr/bin/gnome-terminal) followed by executing some commands on this NEW terminal shell. In other words, I would like to automate this process as if the user opens a terminal and then keys in commands to rsh into the remote host by specifying the hostname (which is the label on the JButton) and finally provide the user with this state, from where on she takes control on that remote login session.
I tried searching through various previous posts. I did find a related one:
http://forum.java.sun.com/thread.jspa?threadID=5180094&messageID=9699614#9699614
But I still have difficulty in getting my problem solved.
The following statements are executed when one such button (labelled by a hostname) is clicked:
public void actionPerformed(ActionEvent e) {
 String hostname = e.getActionCommand();
 fireEditingStopped();
 System.out.println( "probing: " + hostname); //This appears correctly on the console
 Process p;
 try {
 p = Runtime.getRuntime().exec("/usr/bin/gnome-terminal");
 BufferedReader in = new BufferedReader(new InputStreamReader(p.getInputStream()));
 BufferedWriter out = new BufferedWriter(new OutputStreamWriter(p.getOutputStream()));
 out.write("rsh -l root "+hostname); //attempting to remote login in the NEW shell (terminal)..... I guess :|
 } catch (IOException e1) {
 // TODO Auto-generated catch block
 e1.printStackTrace();
.I guess I am not having control on the new terminal. Is there any way I could control the newly spawned shell?
Appreciate,
Rajiv

Alright...
assuming gnome-terminal is in /usr/bin path,
/usr/bin/gnome-terminal -e "<command>"
would solve this problem

Osascript for remote login does not work with Leopard

We are testing Leopard on one computer in our labs. The only problem so far is that the osascript that we use to remote login to the computers stopped working (although it works fine on the Tiger machines):
osascript <<EndOfMyScript
tell application "System Events"
keystroke "public"
keystroke tab
delay 0.5
keystroke return
keystroke tab
delay 0.5
keystroke return
keystroke return
end tell
EndOfMyScript
This is a public account with no user password. I've read the discussion below, but have not been able to tweak the command so that it works with Leopard. Any suggestions?
Thanks.
http://lists.apple.com/archives/Remote-desktop/2007/Nov/msg00045.html

I'm having a similar problem - the script below works with my G5 iMacs running 10.4.9 but not the Intel iMacs running 10.4.8. It almost works - the username and password appear in the right boxes, so I run around the room pressing the Return key.
# This script when used with ASR Send UNIX command will login workstations at the LoginWindow.
# The script assumes that the cursor is focused in the Name field.
osascript -e 'tell application "System Events" to keystroke "username"'; \
osascript -e 'tell application "System Events" to keystroke tab'; \
osascript -e 'tell application "System Events" to delay 0.5'; \
osascript -e 'tell application "System Events" to keystroke "password"'; \
osascript -e 'tell application "System Events" to delay 0.5'; \
osascript -e 'tell application "System Events" to keystroke return'
Message was edited by: Catocop

JAAS J2EE Remote Login

How can i login to a remote SAP NetWeaver 6.40 SR1 j2ee server?
I try this:
LoginContext vLContext = new LoginContext("SAP-J2EE-Engine", new ABSCallbackHanlder("id", "psw));
vLContext.login();
and this work fine if this run under the web container.
But if is used from a external client (on other machine), this exception occurs:
Caused by: java.lang.SecurityException: Unable to locate a login configuration
 at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:97)
I have the jndi.properties in classpath.
Using JBoss the system properties "java.security.auth.login.config" must be set to the auth.conf file.
I think that for SAP i need to do it also, but i don't find this kind of configuration file.... Where i can find it?
Thank You
Roberto
ABSCallBackHanlder is:
 public class ABSCallbackHanlder implements CallbackHandler
 protected String iUserName;
 protected String iUserPassword;
 public ABSCallbackHanlder(String aUserName, String aUserPassword)
 iUserName = aUserName;
 iUserPassword = aUserPassword;
 public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
 for (int i = 0; i < callbacks.length; i++)
 if (callbacks instanceof TextOutputCallback)
 TextOutputCallback toc = (TextOutputCallback) callbacks;
 switch (toc.getMessageType())
 case TextOutputCallback.INFORMATION :
 System.out.println(toc.getMessage());
 break;
 case TextOutputCallback.ERROR :
 System.out.println("ERROR: " + toc.getMessage());
 break;
 case TextOutputCallback.WARNING :
 System.out.println("WARNING: " + toc.getMessage());
 break;
 default :
 throw new IOException("Unsupported message type: " + toc.getMessageType());
 else if (callbacks instanceof NameCallback)
 NameCallback nc = (NameCallback) callbacks;
 nc.setName(iUserName);
 else if (callbacks instanceof PasswordCallback)
 PasswordCallback pc = (PasswordCallback) callbacks;
 pc.setPassword(iUserPassword.toCharArray());
 else
 throw new UnsupportedCallbackException(callbacks, "Unrecognized Callback");

Hi Roberto,
AFAIK, to do a remote login you need to use the RemoteLoginContext instead of the pure JAAS LoginContext. For more details you can have a look at this page in the documentation: http://help.sap.com/saphelp_nw04/helpdata/en/ac/ce417acc9a4d48aa52fa562cb9b194/frameset.htm
Hope that helps!

Remote Login attempt

I followed the instructions on the following web site:
http://www.mactech.com/articles/mactech/Vol.20/20.07/VNCOverSSH/index.html
That gave me the ability to do a remote login over my local network. However, if I attempt to login over the Internet, I get the following message:
Please configure Apple Remote Desktop to allow VNC Viewers to control the screen.
Unknown authType 30,35
There is no Apple Remote Desktop in Systems Preferences on my computer that I know of. In the Sharing Pane of Systems Preferences, there is an item named Remote Management with a “Computer Settings” button that has a checkbox item “VNC viewers may control screen with password.” Checking this item doesn’t appear to correct the problem.
Both remote and local Macs are running OS 10.5.6. Any ideas?

if I select Remote Login - SSH (which is what I think I need), the default port is shown as 22. Changing the 22 to 5900 is what made it possible to do remote control over the Internet. But, does that mean I no longer have an SSH tunnel for security? I was under the impression that Port 22 is the port used for SSH.
ssh by default connects via port 22. VNC by default connects via port 5900.
ssh will provide a secure encrypted connection. VNC will send everything INCLUDING the password in clear text across the internet where anyone can steal it!
So, yes, if you forward port 5900 to your Mac and have your VNC client connect directly to port 5900, then you can skip the ssh part. But just so you are aware that everything you do over that connection can be observed, and the password can be stolen. Which means someone could then connnect to your Mac via the stolen VNC password and do whatever they wanted.
The odds of someone stealing your VNC password, are in direct proportion to where you make your connection. If for example you make it from your own property where only you are allowed to use your ISP connection, then it is unlikely as long as you have a good WiFI encryption (WPA), or similar location where you know the network setup is secure.
If you are going to be doing this from a public WiFi location; coffee shop, hotel, etc... then anyone could sniff your network traffic and steal that unencrypted VNC password along with your connection information.
Here is what I do. I have a high numbered port on my Airport Extreme base station forwarded to my Mac's port 22. I then make an ssh connection to my home and establish a VNC tunnel
ssh -p 23456 -L 5909:localhost:5900 [email protected]
It then make a VNC connection to
localhost:5909
This tells my VNC client that the local end of the ssh tunnel port 5909 is what I want it to connect with. The ssh tunnel will then encrypt all traffic to my home over the established tunnel and deliver that traffic to my home Mac's port 5900 where my home Mac's VNC server is listening.
ssh has encrypted everything, including the password exchange.
As an added bonus, I can establsh ssh keys which allow me to skip the password and instead exchange very long *ssh keys* which is even more secure.
The use of the high numbered port cuts down on attempted breakins to know ports. It is mostly noise, but it is noise I do not need to subject my Airport Extreme and my Mac's TCP/IP stack to.

Remotely login to cRIO wireless

Hello,
I am trying to find a way to remotly login to my cRIO wirelessly. I am hopeing to have the cRIO deployed in a remote location, which has no network access, and to be able to access the cRIO in some way. I tried with the SEA 3G module but that needs a public IP address from the SIM card and Ireland only provide private IP addresses, so that will not work. Getting a SIM with a public IP address from another country works out to be very expensive.
Is there another way to remotely access the cRIO? Does anyone know of another company that has similar equipment to SEA or some other solution?
Thanks,
Chris

Hi chris774,
For a plug and play solution it seems that the SEA products are the only ones in the market (for time being at least). Have you checked other GSM modules they sell?
For instance, the 9703 card they sell is based on 2G, so it might possibly not require a public address, but I can't say exactly and it might be worth getting in touch with them and asking for any possible workaround as it's a 3rd party product.
Also you might try implementing other possible mobile platforms, for instance, a satellite communication modem from Iridium Communications Inc. such as this one: http://www.iridium.com/products/Iridium9602.aspx?productCategoryID=2
That being said their data plan prices might be even more costly, but it's hard to say without contacting them directly and discussing your application.
Mark N
Applications Engineer
National Instruments UK & Ireland

Multiple Desktops when remote login?

Hi, is there a way that I can remotly login with two different users and have each one an own GUI desktop?

Sounds like you want Terminal Services.
Checkout:
http://www.aquaconnect.net
http://www.coderebel.com/products/irapp-terminal-server
I think that it is still early days for Terminal Services on Mac but take a look it might be able to do what you need.
David Lee
http://www.allgraphicsit.co.uk

Screen Sharing and Remote Login suddenly stopped working

I have had Screen Sharing and Remote Login turned on on my iMac for several weeks and they have been working fine up until now. I have been accessing the computer via VNC programs and command-line ssh logins from other computers on the same local network. When I tried to connect today, i was given the following error message.
ssh: connect to host xxx.xxx.xxx.xxx port 22: No route to host
I have all of the required settings turned on in System preferences and there are no firewalls or router settings blocking it. I connected the two computers together via ethernet cable and the error message still occurred.
I can ssh from the machine to 127.0.0.1, so the ssh server is running. I can ssh to other locations from the laptop i am attempting to connect with, so that's not the problem either. I just spent an hour on the phone with the apple tech support line and they couldn't figure anything out either. Can anybody figure something out?

have you tried the obvious - restarting the computers involved and the router?

Remote login in SM51 Fails / ECC 6.0 / HP-UX / Oracle 10

Hi All,
We had a cluster, 4 physical servers / 14 SAP Instances / HP-UX - Oracle 10G / ECC 6 EHP 3.
Basically we have a general RFC problem in the system. You can reproduce it simply in transaction sm51: In most of the instances whenever you try to change to an instance that has the same instance number than the one you are logged on at this moment, you will come back to this instance, e.g.:
you are logged on at host1_SID_01, start sm51 and try to change to the instances:
host2_SID_01,
host3_SID_01 or
host4_SID_01
(or you try to display the system log or other). You will see (System - Status) that you don't change to these instances but will stay on host1_SID_01.
We found the SAP Note 662895 - Remote login using SM51 Fails. In this note they refer to the error: "Transaction termination 14 025".
Now we have this error (we upgraded from SAP 46C with another error in sm21).
The problem is that we really donu2019t understand exactly what they want to do in the SAP Note 662895:
Summary
Symptom
Remote login in SM51 by double-clicking R/3 instances fails
Solution
You can use transaction SM51 to log in to another application server using RFC, without entering a password. Server "A"
Server "A" Server "B"
 <--Remote logon via RFC <--
GUI
 sm51
Double-click on the server B entry --->
If host name "B" was entered on server "A" as the gw/alternative_hostnames profile parameter, the local SAP gateway from server "A" is used when you log on to server "B". This results in the syslog message "Transaction termination 14 025".
The same error occurs if you try to open a new external mode on server "A".
Who is the origin server? Host A? Host B? In fact sometimes you can go from A to B and vice versa. So changing the gw/alternative_hostnames parameter doesn't appear to be a solution.
I would appreciate some tips about this Note / Problem.
Best Regards,
Erick Ilarraza

Hello, thanks a lot for your replyes.
Abhijeet Siras, the command /etc/ping <host> works prefectly.
Sergo,
Exactly we have 3 host each one with 4 dialog instances. 1 host with 2 dialog instances and one host with the central instance.
Not all instances have this problem, only the following combination:
 Origin Destination
host4_SID_01 - > host1_SID_01
host2_SID_03 - > host3_SID_03
host1_SID_01 --> host3_SID_01
host1_SID_02 --> host3_SID_02
host1_SID_03 --> host3_SID_03
host1_SID_04 --> host3_SID_04
host2_SID_01 --> host3_SID_01
host2_SID_02 --> host3_SID_02
host2_SID_03 --> host3_SID_03
host2_SID_04 --> host1_SID_04
host2_SID_04 --> host3_SID_04
host3_SID_04 --> host1_SID_04
host4_SID_01 --> host1_SID_01
host4_SID_02 --> host1_SID_02
host4_SID_02 --> host2_SID_02
host4_SID_02 --> host3_SID_02
The problem is between *_NUMBER to *_NUMBER!
For example from Dialog Instance 3 running on host 2 to Dialog Instance 3 running on host 3
For example host4_SID_01 means the Dialog Instance 1 running on host 4.
Best Regards,
Erick Ilarraza

What is the best way to remotely login to another Mac?

My mother & I recently decided to take the plunge from the PC world to Apple world. I have an MBP w/ OS X 10.8.2, and she has the same w/o the recent OS upgrade (10.7.?). While we're both still at the bottom of the learning curve, I'm a little further ahead and am constantly running over to her place to trouble shoot/assist her with the transition. I've been researching ways to remotely login to her computer and am now more confused than when I started. Can anyone point me in the right direction? I basically want to be able to login to her system and takeover as if I were on site. And, while I don't know if my research, thus far, has brought me any closer to a solution, it has raised a few questions:
1) Do I simply want to go with 3rd party sofware like Logmein and will the free versions be sufficient or are they just trial offers?
2) Or is ARD my best option and am I right in assuming we'd each have to pony up the $80 for installs on both MBPs?
3) Some of the discussions talk about much more expensive ARD fees with multiple licenses. Am I correct in assuming these are meant for network administrators and wouldn't be necessary for my purposes?
4) I noticed a free VCN version available from the App Store but came accross posts which seem to indicate possible security issues. Are these valid concerns and does ARD address them?
5) Will I run into problems because we're using different OSs?
6) I attempted to follow instructions for an "ssh" remote login that I found by doing a search of 'remote login' under the Apple Support. But when a password was requested, I didn't seem to be able to enter one into the command line. Again, I'm new to Macs, but the cursor didn't move when I entered characters, so I was left wondering whether characters were being entered or whether this is Appple's '*****' feature used to guard passwords. Either way, after 3 attempts, my efforts were repeatedly terminated. Unfortunately, I'm not even sure I was entering a valid password as the article I'm referring to didn't specify how to set a password. I used a VCN password I had set up under the Remote Management option in the Sharing utility under System Preferences. I'm assuming this was the password they were looking for but couldn't be 100% sure as the instructions I followed were not related to "ssh" logins nor were they from Apple Suppot. Anyway, is this "ssh" login worth pursuing and does it function independently or does it only work in conjuction with ARD? If it is a stand alone solution, where can I go for better guidance? The Apple Support link I used was: http://support.apple.com/kb/PH1112.
7) Being recovering Windows users, we both have MS Office for Mac 2011 which has MS's Remote Desktop Connection app. But from reviewing a few posts, it looks like that comes with it's own set of issues. It also kind of defeats the purpose as I'm trying to wien myself off of MS. But if someone out there has experience and suggests this as the "ultimate" solution, I'm willing to listen.
I know I've babbled on quite a bit and I don't actually expect anyone to take the time to answer all of my questions. But I'm hoping I might get a collective answer, and more importatnly, I'm really hoping to narrow the field and get generally guidance on the best Mac-to-Mac remote login solution. Thanks in advance for any advice.

Hi gregory,
It is a big subject, and the following article sets out various options.
http://www.macworld.com/article/1152611/remoteaccesintro.html

Is there a way to access remote login and screen sharing logs?

I have a very high suspicion that my macbook air has been accessed through remote login. Here's what happened. I closed my macbook air, letting it sleep, and left my house. After coming back I found it logged into the Guest account (which I didn't know was enabled). Remote login, Remote sharing and file sharing were enabled but I disabled them. I can't remember enabling them but maybe I did.
I am also on a local network with about 8 other devices connected. I looked through /private/var/log/system.log but couldn't find anything concrete. I have yet to log out of the guest account and have connected to another internet connection just to be on the safe side.
My other user account is passworded and I could switch back to it from guest.
So if my macbook was accessed through remote login, is there a way to tell from what IP address it came from?
Please help me get to the bottom of this.

May 20 13:03:44 XXXXXXXX-MacBook-Air.local loginwindow[51]: ERROR | ScreensharingLoginNotification | Failed sending message to screen sharing GetScreensharingPort, err: 1102
May 20 13:03:44 XXXXXXXXMacBook-Air.local loginwindow[51]: USER_PROCESS: 51 console
May 20 19:11:14 XXXXXXXXXXX-MacBook-Air.local loginwindow[51]: ERROR | ScreensharingLoginNotification | Failed sending message to screen sharing GetScreensharingPort, err: 1102
I guess if it did happen it would have said so. Thanks anyway.

Getting ssh_exchane_identity error when trying to login from my machine or a remote one. Already enabled remote login

I updated my system from Snow Leopard to Lion 7.3.1
Wanted to login from remote computer and then enabled the remote login in Preferences/Sharing, but when trying to login I get the error ssh_exchange_identification also if I try to login from my machine with ssh username@localhost.
I tried all what I could find on internet forums, but nothing changed.
Please help!!
Daniela

Hi Linc
here is the output of ssh -vvv localhost
OpenSSH_5.6p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug3: Not a RSA1 key file /Users/danielamaurizio/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /Users/danielamaurizio/.ssh/id_rsa type 1
debug1: identity file /Users/danielamaurizio/.ssh/id_rsa-cert type -1
debug1: identity file /Users/danielamaurizio/.ssh/id_dsa type -1
debug1: identity file /Users/danielamaurizio/.ssh/id_dsa-cert type -1
ssh_exchange_identification: Connection closed by remote host
[1]+ Done edit sshd_config
The following line comes from /var/log/secure.log
May 23 04:59:46 <danielamaurizio> sshd[2267]: fatal: /var/empty must be owned by root and not group or world-writable.
but I'm not sure if it's want you asked me; the owner of /var/empty is root of group sys.
By the way I had a problem that Lion cancelled the owner root and I had to use System Preferences User and groups to add root again, with the result that now I can use only the comman "su root" and not "sudo anycommand" anymore.
Thanks for halp and cheers
daniela

Can't download files -even the support center's remote login appl won't download; web sites like USA Today will not open; etc.

This all started by certain sites not opening, like USA Today; Intellicast.com. Installed Maverics yesterday successfully and the web sites very briefly worked and then starting failing again. Called tech support and couldn't download their remote login code. From Safari's viewpoint thought there might be a problem with Adobe Flash. So deleted that and then tried to download the installer code from Adobe and that wouldn't download. Suggestions would be appreciated.

Firefox can find plugins in several locations, but Firefox 21 changed the location of the "shared" plugin folder so older installers like the Microsoft Windows Media Plugin no longer drop the DLL file in the correct location.
There apparently are two ways to address this:
(1) Change a Firefox preference so that Firefox checks the old location. Here's how:
(i) In a new tab, type or paste '''about:config''' in the address bar and press Enter. Click the button promising to be careful.
(ii) In the filter box, type or paste '''plugins''' and pause while the list is filtered
(iii) Double-click '''plugins.load_appdir_plugins''' to switch its value from false to true.
This will take effect after you restart Firefox.
(2) Copy the plugins folder to the new location. Here's how on Win 7 64-bit:
Open a Windows Explorer window to:
C:\Program Files (x86)\Mozilla Firefox
Right-click and copy the '''Plugins''' folder
Double-click the '''browser''' folder to open it
Right-click and paste
Right-click the new copy of '''Plugins''' and rename it to '''plugins'''
After restarting Firefox, the plugins in that folder should now be available.
''Edit: I suggest just doing #1.''

The connection was denied because the user account is not authorized for remote login

Using Terminal Server 2008 not able to get non administrator users to login to the remote desktop. Have tried from Windows server 2008 and from Windows servers 2003. Get error login in "The connection was denied because the user account is not authorized for remote login" from Windows Server 2008. Error "The requested session access is denied" from Windows Server 2000.

Is that seriously the only way to do this? Doesn't this render the "Allow log on through Terminal Services" GP Setting useless?
I would like to know this answer, as well. I have created a new AD group for my assistant admins called "Domain Admins (limited)". I have added this group to the GP setting "Allow log on through Terminal Services", but the
assistant admins cannot log in through RDP. It 'feels like' this is all I would need to do.
Craig
Found some good info
here. There are really two things required for a user to connect to a server via RDP. You can configure one of them via Group Policy but not the other.
1) Allow log on through Terminal Services can be configured through Group Policy, no problem.
2) Permissions on the RDP-listener must also be granted. If your user is a member of the local Administrators group or the local Remote Desktop Users group then this is handled. If you are trying to utilize a new, custom group (as I am),
then there isn't a way to do this via group policy (that I have found).
EDIT: Found the answer. I am creating a blog post to outline the steps. They aren't hard, but they're not self-explanatory. It deals with the Restricted Groups mentioned above, but it's still automate-able using Group Policy so that you
don't have to touch each computer. I think the above poster (Andrey Ganev) got it right, but
I had trouble deciphering his instructions.
Here is my blog post that walks through this entire process, step-by-step.

B1WS remote login. Public IP.

Similar Messages

Maybe you are looking for