RemoteLogin Failed Via GP across Domain Trust

By lordcook99 ·
I have tried this two ways now. One where the destination domain is a child domain of the forest and one where it is a separate forest trusting the main domain.

As it stands:
1. Domain A is trusted by Domain B.

2. A\shawn is a member of B\Remote Desktop users & B\Domain Admins

3. ServC is a member of Domain B & has RemoteDesktop enabled

4. GP for Domain B is applied to all resources in the domain B and Enforced which specifies that A\shawn B\Domain Admins B\Remote Desktop Users are allowed login through terminal services

5. B\Administrator can login remotely to B\ServC

6. ServC is able to authenticate A\Shawn verified by logining as B\Administrator and doing a runas

7. GPResult /v shows the policy is applied to ServC and A\Shawn is permitted remote login.

What can't A\Shawn log in to ServC? I get the standard "To log on to this remote computer, you must have Terminal Server User Access permissions on this computer...."

Please advise.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

Remote Administration settings

by CG IT In reply to RemoteLogin Failed Via GP ...

who has been granted remote administration privileges? the default is the domain administrators security group. If A\Shawn is not a member of the domain administrators security group in domain A, which would be trusted by domain B, then access is denied.

Collapse -

A\Shawns Rights

by lordcook99 In reply to Remote Administration set ...

A\Shawn is a member of
A\Enterprise Admins
A\Domain Admins
A\Group Policy Creaters
A\Remote Desktop Users
B\Enterprise Admins
B\Domain Admins
B\Remote Desktop Users

Related Discussions

Related Forums