General discussion

Locked

Citrix is domain controller issue

By digitalbear ·
A citrix metaframe xp server running terminal services in our network with another win2k sp4 server both running as DC's is not permitting "log on locally" rights to the thinclients sessions unless the user logs on as admnistrator. I have researched the issue heavily and thought I had it nailed down by creating an OU called "terminal server" and moving the Citrix server there" then creating a group policy called "terminal users" with rights to "log on locally". I then added the needed users to the "terminal users" group. Users still receive error "Local policy of this system does not permit you to logon interactively". Can someone point out the snafu I am making?

This conversation is currently closed to new comments.

4 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by BFilmFan In reply to Citrix is domain controll ...

End users should not be granted the rights to log on locally to a domain controler. This policy is being set by the domain controller policy and not the domain policy.

I would highly recommend that you re-engineer this Citrix solution or else you may find end users making "adjustments" to your domain controller such as deleting that "unneccasry file) NTDS.DIT.

Collapse -

by digitalbear In reply to Citrix is domain controll ...

would you then recommend that I demote the server and handle the rights on a more local level? The users autostart into a kiosk mode and are logged out automatically if the session is ended. they do not have admin rights on the thinclient to modify sessions so I felt the possibility of them accessing the "unnecessary" files was minimal as they do not have a desktop session to access.

Collapse -

by haileyan In reply to Citrix is domain controll ...

There is a GPO setting for "Allow Login to Terminal Server." Add your TS User group to theis policy setting.

They do not need log-in locally.

TS & Citrix will both work just fine on a Domain Controller though for security reasons it is not recommended.

Collapse -

TS & Citrix & DC??

by shenny_t In reply to

Hi i know this as not been accessed in a long tie bt i am hoping you get a message when someone replies even after this long.. I have Citrix on a Terminal Server (windows Server 2003) and I wanted to know if my TS can also be a DC? I had the impression the a TS can not also be a DC but the way you state it makes me think it can: ie u said: "TS & Citrix will both work just fine on a Domain Controller".

Please confirm. thanks.
If not, can i just have a seperate DNS to provide me with a domain name for Citrix and that's it? While i'm asking... does Citrix aboslutely need a Domain name? can it run without being on a domain..?

Back to Windows Forum
4 total posts (Page 1 of 1)  

Related Discussions

Related Forums