Managing Terminal Server Remote Admin Mode on Windows 2K Server

By tim.white ·
I have some users that connect to my Windows 2000 server from their homes using Terminal Services in Remote Administration mode. The users only need to run one application on the server. To get this to work I had to give all of the users full admin rights, which as you can imagine is not a good idea.
My question is this: Can I manage these Terminal Services users on the server so they can only run this one application (no shutdown, no internet, ect) running remote administration mode or do I need to buy Terminal Services Application Server licenses?
Thanks for the help.


This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

well yes but not with Admin privileges

by CG IT In reply to Managing Terminal Server ...

not with their having admin privileges.

why can't they do what they want to do with their regular user account?

they should with RWW or RD

Collapse -

What happens if I remove users from Admin Group

by tim.white In reply to well yes but not with Ad ...

Currently the users are in the Domain Admins and the Domain Users groups. If I configure a user to only be in the Domain Users group and attempt to login through terminal services I get an error saying "The local policy of this system does not permit you to login interactively"

Collapse -

get's a little involved

by lowlands In reply to What happens if I remove ...

By default I believe only administrators have the permission to log on locally if the server is in remote admin mode. I can't remember for sure if domain users gets added once you enable the "real" terminal services (more than two accounts can connect at the same time.

If not, you'll have to give Domain Users (or a group you create specifically for this purpose) user pemissions on your RDP connection (Admin Tools/Terminal Server Configuration) and using gpedit.msc, you'll also have to give them permissions to log on locally.

Also don't forget that if you enable terminal services for more than two users, you'll need a configured terminal services license server.

Related Discussions

Related Forums