Remote Desktop user rights assignment

Similar Messages

• My remote Desktop Users service is disabled

  Dear all,
  i need your help i have a windows server 2008 and when i restart i get my "allow users remote desktop" disabled and when i change it and then restart i get it disabled again i suspected there is a GPO that is doing that but when i run the gpresult i did
  not get any GPO changing the local group policy then i suspected that there is a start up script that is doing changes to the registry but still not
  i really what to know whats making this policy disabled
  thank you  

  Hi,
  Please try to use rsop.msc to see the following policy setting configured correctly:
  For details:
  Allow users to connect remotely using remote desktop Services
  ===========================================
  1.  Computer Configuration ->Policies ->Administrative Templates ->Windows Components ->remote desktop Services ->remote desktop Session Host ->Connections ->Allow users to connect remotely using Remote Desktop Services
  Restrict Group
  ==========
  1. Computer Configuration -> Policies -> Windows Settings -> Security Settings
  2. Right-click Restricted Groups, and then click Add Group.
  3. Click Browse, add Remote Desktop Users, click Ok.
  4. Add the members  what you want.
  Allow log on through Terminal Services(RDS on DC)
  ==========================
  Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment -> Allow log on through Terminal Services
  Hope this helps!
  Best Regards
  Elytis Cheng
  Please remember to click “Mark as Answer” on the post that
  Elytis Cheng
  TechNet Community Support

• Can't change search options in Outlook 2007 on Windows Server 2008R2 Remote Desktop Users

  One of my users is trying to change search options in Outlook 2007.
  But he can't change the search options.
  He is working with Outlook 2007 on Remote Desktop Services 2008 r2.
  We doen't use cache mode on terminal server.
  Any sugesstion how we can enabling search options for remote desktop  users ?

  Hi Roel,
  Thank you for posting in Windows Server Forum.
  To customize Instant Search options by using Group Policy 
  - In Group Policy, load the Office Outlook 2007 template (Outlk12.adm).
  - To customize how results are displayed, under
  User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options\Preferences\Search Options, double-click the setting that you want to set. For example, double-click Turn off wordwheel.
  - Click Enabled. For hit highlighting color, choose a color from the Background Color drop-down list.
  - Click OK.
  More information.
  Configure Instant Search options in Outlook 2007
  http://technet.microsoft.com/en-in/library/cc178983(v=office.12).aspx
  In addition, perform below steps to edit the registry key and check.
  Step 1: Open the Registry Editor application.
  Step 2: In the Registry Editor, click the Edit menu and select Find. Type PreventIndexingOutlook in the search field and click Find Next.
  Step 3: Right click PreventIndexingOutlook and select Modify. Change its Value data to
  0 and click OK.
  Step 4: Search again by clicking the Edit menu and select Find. Type SetupCompletedSuccessfully in the search field and click Find Next. Locate this key.
  Step 5: Right click the SetupCompletedSuccessfully key and select Modify. Change its Value Data to 0 and click OK.
  Step 6: Restart your computer and you will now be able to perform advanced searches in Microsoft Outlook.
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  TechNet Community Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Remote desktop users lost overnight on windows server 2008 R2

  We set up a group in active directory to allow certain users access to this Virtual Machine.
  I am able to go into the the remote Users of the VM and add this group from active directory.
  Every Morning i have to re-add this group as it has gone at some point. There is nothing i can see that would cause this.
  Would anyone have any suggestions?
  Thank you,

  Hi,
  According to your description, it seems that the domain Users added in the remote desktop users group disappeared after the reboot, right? What are the operating systems of the clients and server?
  In addition, you can try to add domain users to the Remote Desktop Users Group via Group Policy to see if the issue persists. For more detailed information, please refer to the link below:
  How to add "Domain Users/Group" to Remote Desktop Users group on Servers using
  Group Policy ?
  Best regards,
  Susie

• Remote Desktop Service Manager - configure permissions for Remote Desktop Users to Send Message, Disconnect, Logoff

  Hello, dear colleagues.
  We are using Windows Server 2012 R2 as Remote Desktop Server. Also use Windows Server 2008 R2 with Remote Desktop Service Manager to control RDS user sessions (Send Message, Disconnect, Logoff, Query Info). 
  Send Message, Disconnect, Logoff options works only for users in Administrators group.
  I can't to configure permissions for Remote Desktop Users, specific user or AD group. 
  To set permissions I'm running RDS Host Configuration on Windows Server 2008 R2 and connect to Windows Server 2012 R2. Then double-click
  RDP-Tcp, Security tab, add specific user account , AD group or configure
  advanced permissions
  for Remote Desktop Users.  
  But, as I sad above, these options works only for users in Administrators group. How to make it work for Remote Desktop Users or specific user, AD group?
  Thanks.
  P.S. If move specific user from Remote Desktop Users group to Administrators group on
  Windows Server 2012 R2 - it works. 

  Hi,
  You can prevent administrators from changing the permissions for a connection by applying the
  Do not allow local administrators to customize permissions Group Policy setting. 
  This Group Policy setting is located in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security
  Apart there is one command with which you can set the permission for that check the related
  article. Additionally checkthis
  thread for more detail.
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• User Rights Assignment should WLi have

  Hi:
  No matter what system user I try to use I can't start the WLserver for WLi.
  What am I missing? or what rights should be assigned system user for WL to start?
  A system user name and password. WebLogic Server user names and passwords can
  contain any character from the JDK supported character sets, including international
  characters.
  Thank You
  David L. Wasler
  [email protected]

  Hi ikrambuneri,
  Based on your description, I have an idea .But I won`t guarantee it will work .
  We can use the AccessChk tool with parameter "/f /p"to check the token information and privilages information of this specific software process .Then we can create a group and authority the realted privilages to this group from the group policy .
  Group policy \Computer Configurations\Windows Settings \Security Settings \Local Policies\User Rights Assignment
  AccessChk v5.21
  https://technet.microsoft.com/en-us/sysinternals/bb664922.aspx?f=255&MSPPError=-2147217396
  As a work around ,you can create a shortcut with "Runas" command line for the user .Here is a link for reference of doing this .
  Please note that this method will ask for the administrator password for the first time to run the software short cut and it will save the administrator privilages and this may result in security issue .We don`t recommend to do this.
  Windows 7: Elevated Program Shortcut - Create for Standard User
  http://www.sevenforums.com/tutorials/193743-elevated-program-shortcut-create-standard-user.html
  NOTE: This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites.
  Best regards
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Windows 2008 R2 Standard Remote Desktop Users cannot Connect

  I have a windows 2008 R2 Standard Terminal Server and some users aren't able to connect even though they are in groups that are in Remote Desktop Users on the local computer.  I checked the local security policy setting "Allow log on through Remote
  Desktop Services" and I see that Remote Desktop Users is a member of this group.  Inside of Remote Desktop Users we have DOMAIN\Domain Users and DOMAIN\Terminal Users.  Most of our users are in both groups, but there are still some people that
  aren't able to connect via Remote Desktop to this computer.  There are no users in "Deny logon through Terminal Services."
  Thanks!

  Hi,
  Thank you for posting in Windows Server Forum.
  Is it happens to all users or any particular group of users?
  Please check by creating new user add them to “Remote Desktop Users” group and then see whether that test user can remote desktop to the server.
  It also might happens that you may be limited in number of users or some connection issue or may be firewall setting issue. Please go through beneath article for information.
  Remote Desktop disconnected or can’t connect to remote computer or to Remote Desktop server (Terminal Server) that is running Windows Server 2008 R2
  http://support.microsoft.com/kb/2477176
  Hope it helps!
  Thanks.
  Dharmesh Solanki

• User rights assignment

  Hi All
  i have a small domain environment where 40 clients are connected to 2008 server.
  some clients needs to run specific software for which they needs administrative rights and password. but i dont want to give them administrator password. please any one can let me know how to keep them in a separate group and assign them the rights so they
  can run specific program on server without knowing admin password,
  please help me with proper steps.
  thanks 

  Hi ikrambuneri,
  Based on your description, I have an idea .But I won`t guarantee it will work .
  We can use the AccessChk tool with parameter "/f /p"to check the token information and privilages information of this specific software process .Then we can create a group and authority the realted privilages to this group from the group policy .
  Group policy \Computer Configurations\Windows Settings \Security Settings \Local Policies\User Rights Assignment
  AccessChk v5.21
  https://technet.microsoft.com/en-us/sysinternals/bb664922.aspx?f=255&MSPPError=-2147217396
  As a work around ,you can create a shortcut with "Runas" command line for the user .Here is a link for reference of doing this .
  Please note that this method will ask for the administrator password for the first time to run the software short cut and it will save the administrator privilages and this may result in security issue .We don`t recommend to do this.
  Windows 7: Elevated Program Shortcut - Create for Standard User
  http://www.sevenforums.com/tutorials/193743-elevated-program-shortcut-create-standard-user.html
  NOTE: This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites.
  Best regards
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• How to programmatically manage Remote Desktop Users?

  Hi,
  I want to know if it esists a method to programmatically set/get the Remote Desktop Users list, such as add/remove an user and so on.
  Thank you all in advance
  Best Regards
  Antonino

  Hi,
  first of all, I want to thank you for reply. But, what I'm looking for is to programmatically view the list of the users for the Remote Desktop Control. With Remote Desktop Control I mean the way I let some other users over the network to operate with my own desktop in Windows XP (that is what you find in system->properties->remote desktop->advanced...and so on).
  Antonino

• "Local Policies User Rights Assignment" not applying

  I bought Dell Vostro series computer with a Windows 7 Professional 64-bit OEM.
  The OS cannot apply the changed User Rights Assignment in Local Policies.
  Here is the step to re-produce the problem:
  1. Launch "cmd"
  2. Type "date 2014-06-20" in the command prompt. (i.e. try to change the date)
  3. A error shown "A required privilege is not held by the client."
  4. I go to "Control Panel > Administrative Tools > Local Security Policy".
  5. I open "Local Policies > User Rights Assignment", and add "Everyone" to "Change the system time" and "Change the time zone"
  6. Restart the computer
  7. Launch "cmd" and type "date 2014-06-20", the same error message shown. That is, the policy is not applied.
  Note: If I launch the cmd as administrator, no error will show.
  I am not familiar with Local Security Policy and related and I tried to search online but not thing found (maybe I didn't know how to apply).
  I would like to know how to resolve this problem from you. If you need more information like the log in Event Log, please tell me which one you need.
  Thanks so much!

  Hi,
  I tested this issue, after adding everyone to the group you mentioned above, I can successfully change the system time as a standard user. and the format is date 06-20-2014
  I suggest you logon as admin, and manually check the policy, see whether it has been updated.
  Yolanda Zhu
  TechNet Community Support

• Missing user rights assignment entries for many security policies in list exported via secedit

  Hello,
  First of all, I posted this same question on The Official Scripting Guys Forum! but didn't get the answer to this exact question (even though I received a lot of useful relevant info). That is why I am posting here. This is a more appropriate
  forum for the question. (Also posted on Windows Server 2012 General two days ago and didn't get a response at all).
  OK, question time:
  I want to modify the user rights assignment for a local security policy. In the GUI, find User Rights Assignment as follows: Win+R -> Enter "secpol.msc" -> Go to Local Policies -> Go to User Rights Assignment.
  So, to modify a particular use rights assignment via a script, I need to export the INF file using secedit, modify it and then configure using the modified file using secedit. To export the INF file, I am using:
  secedit /export /db C:\Windows\security\database\secedit.sdb /mergedpolicy /cfg SecPolicy
  Now, the problem is that the INF file exported doesn't have all the user rights assignments that I see in the GUI. For example, the policy "Restore files and directories" has users/groups in its settings but it doesn't show up in the INF file.
  In fact, most don't. Only five do and all these five have a different symbol next to them in the GUI. How are these policies different? What do I need to do to export all the policies?
  EDIT: Adding screenshot of what I see:
  Thanks!
  -Rohan.

  On Fri, 11 Apr 2014 18:26:50 +0000, Rohan PN wrote:
  Now, the problem is that the INF file exported doesn't have all the user rights assignments that I see in the GUI. For example, the policy "Restore files and directories" has users/groups in its settings but it doesn't show up in the INF
  file. In fact, most don't. Only five do and all these five have a different symbol next to them in the GUI. How are these policies different? What do I need to do to export all the policies?
  Can you post a screen shot? My guess is that what you're seeing is that
  secpol is only exporting the local settings and not ones that are set by a
  GPO in AD and that will also be the difference between the icons.
  Paul Adare - FIM CM MVP
  Although the Buddhists will tell you that desire is the root of suffering,
  my personal experience leads me to point the finger at system
  administration.
  -- Philip Greenspun

• How to remote desktop user can read, write ,modify and traverse folder but not execute?

  Now I ceate a user accout whis is user type and put him into remote desktop group.
  he can login this server by remote desktop.
  My server is windows 2003 but not in nt domain and  it is a workgroup computer.
  I want to limit him access right on one folder in which have many folders and .exe file.
  I only want he can read , write,modify file and traverse folder but not execute any .exe file.
  How can I implement this through NTFS.
  Please give me some advice.

  Hi,
  I think you could using advanced option to configure the file or folder permission:
  http://technet.microsoft.com/en-us/library/bb727008.aspx
  Regards.
  Vivian Wang

• Group Policy for Remote Desktop Users

  Hi,
  Currently my users use desktops and have user and computer GPOs applied (typical things like logon scripts etc.) at the OU level where they reside e.g. Finance Users, Sales Users etc.
  I am planning a Remote Desktop 2012 environment.
  I have read the following:
  TechNet cc779327
  So, my understanding is that I create a new OU for my Remote Desktop Server only (not users), and create a new security Group for my RD Users and a security group for my RD server.
  Remote Desktop Servers OU
             * RD User GPO (filter on RD User security Group and RD Computer Security Group)
             * RD Computer GPO (filter on RD User security Group and RD Computer Security Group)
  I then apply all computer settings to the RD Computer GPO (loopback processing, Windows installer, hide shortcuts etc.).
  I then apply all user settings to the RD User GPO (app specific, templates etc.)
  Why not consolidate the two GPOs into one?
  If I set computer settings in the computer GPO, and apply it as above to filter to the RD Server group and RD Users Group will this apply to only users un the RD User Group...or ALL users since I added the server to the filter?
  If a user currently gets a setting in their normal OU e.g. Finance logon script, will they still get it on the Remote Desktop? Or do I need to copy that GPO setting to my new RD User GPO also?
  Am I right to add both RD Server and RD User groups to the filter on both RD User and RD Computer GPOs?
  Loopback processing - merge or replace typically for Remote Desktop?

  Hi,
  Thank you for posting in Windows Server Forum.
  Create OU for RDS Server in Active Directory. Create security group for users who will use Remote Desktop Host (i.e. RDS Users). Create GPO (i.e. RDS Server Lock Down). In Security Filtering delete Authenticated Users, add RDS Server Account, and the security
  group created in previous step.
  Please check beneath article might useful for better understanding.
  Lock Down Remote Desktop Services Server 2012
  How to secure your remote desktop server with GPO
  Hope it helps!
  Thanks,
  Dharmesh

• Remote Desktop - User Internet Sites Monitoring

  Can Remote Desktop Report what Internet Sites a User has gone to ?
  Thanks !
  Danny

  Again, there is no such report in Apple Remote Desktop. The only way you could get even part of that information is by copying the browser history logs from the clients to your administration workstation and examining those logs, and that's probably not practical even if the users don't just clear the history rendering those logs uninformative. You'll need to look for software that is specifically built for web monitoring.
  Regards.

• Apple Remote Desktop - Users constantly appear and disappear in All Computers List

  I have a problem and I am thinking it is probably some kind of broadcast error on my network, but why not question Apple Remote Desktop in the process? Computers seem to flicker from available to unavailable. I think they are actually on. If I send a task out while it shows availbe it does complete even though it flickers on and off throughout the package install. However it will not let me send out installs when it say unavailable (as expected). If I am lucky I can catch the systems when they show available and the installs work. I have deleted preferences and re-installed ARD. I am using 3.7
  Personally I think it is my switches and Bonjour. Does anyone else have this issue and a work around?

  Hey Madoser,
  I had the same problem. I administrate around 30 macs, which I undrestand isn't much.....I was having issues with ard after updating to mavericks. I decided to do a complete erase and reinstall on my machine. This was't because of ard, mind you. I was having all kinds of problems. Nothing unexpected as far as I'm concerned but after doing things, my ard problems went away. It's only been a day, but everything is working like a dream.
  I'll make sure