I have tried this two ways now. One where the destination domain is a child domain of the forest and one where it is a separate forest trusting the main domain.
As it stands: 1. Domain A is trusted by Domain B.
2. A\shawn is a member of B\Remote Desktop users & B\Domain Admins
3. ServC is a member of Domain B & has RemoteDesktop enabled
4. GP for Domain B is applied to all resources in the domain B and Enforced which specifies that A\shawn B\Domain Admins B\Remote Desktop Users are allowed login through terminal services
5. B\Administrator can login remotely to B\ServC
6. ServC is able to authenticate A\Shawn verified by logining as B\Administrator and doing a runas
7. GPResult /v shows the policy is applied to ServC and A\Shawn is permitted remote login.
What can't A\Shawn log in to ServC? I get the standard "To log on to this remote computer, you must have Terminal Server User Access permissions on this computer...."
Please advise.
This conversation is currently closed to new comments.
who has been granted remote administration privileges? the default is the domain administrators security group. If A\Shawn is not a member of the domain administrators security group in domain A, which would be trusted by domain B, then access is denied.
If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.
RemoteLogin Failed Via GP across Domain Trust
As it stands:
1. Domain A is trusted by Domain B.
2. A\shawn is a member of B\Remote Desktop users & B\Domain Admins
3. ServC is a member of Domain B & has RemoteDesktop enabled
4. GP for Domain B is applied to all resources in the domain B and Enforced which specifies that A\shawn B\Domain Admins B\Remote Desktop Users are allowed login through terminal services
5. B\Administrator can login remotely to B\ServC
6. ServC is able to authenticate A\Shawn verified by logining as B\Administrator and doing a runas
7. GPResult /v shows the policy is applied to ServC and A\Shawn is permitted remote login.
What can't A\Shawn log in to ServC? I get the standard "To log on to this remote computer, you must have Terminal Server User Access permissions on this computer...."
Please advise.