How do I disable TS on my SBS 2k3 system and run it on my app serv

Discussion in 'Windows Small Business Server' started by JoeT, Dec 1, 2004.

  1. JoeT

    JoeT Guest

    Hi,
    I have an SBS 2k3 machine and a Win2K3 machine in the same domain. The SBS
    is the primary domain controller and the Win2k3 is a domain controller with
    Terminal services running on it. When I installed TS on the Win2k3 machine I
    had to add my TS user group to the Default Domain Controller Security
    Settings in Allow Logon Locally and Allow Logon Through Terminal Services
    user rights, otherwise when I tried to logon to the Terminal server I
    received a 'No rights to logon locally' error. Now users can logon to the
    Win2k3 TS but they are also able to logon to the SBS as a TS session. I
    really don't want anyone but administrators to logon to the SBS machine. I'd
    like to know how to disable TS logons to the SBS machine but still allow them
    on the Win2k3 machine.

    Thanks,
     
    JoeT, Dec 1, 2004
    #1

    1. Advertisements

  2. JoeT

    Javier Gomez [SBS MVP] Guest

    Is the Win2k3 Server a DC? If so, that's the problem. You shouldn't run TS
    on a DC. DCPromo the Win2k3 server back to member server and you will not
    have to modify the domain controller security policy on the first place.
     
    Javier Gomez [SBS MVP], Dec 2, 2004
    #2

    1. Advertisements

  3. JoeT

    JoeT Guest

    Hi Javier,
    I demoted the Win2k3 server so it is not a DC and removed the changes to
    the domain controller security policy. That fixed the SBS server - now only
    administrators can logon to the SBS server. But users still can not logon to
    the Win2k3 server. I get the same message 'The local policy of this system
    does not allow you to logon locally'. So I went to the local security policy
    and added my TS group to the Allow logon through Terminal Services policy.
    After waiting awhile I tried to logon again - same thing. I am using Remote
    Desktop Connect to try to logon. Is there something else I have to do?

    Thanks,
    Joe

     
    JoeT, Dec 2, 2004
    #3
  4. JoeT

    Javier Gomez [SBS MVP] Guest

    Most of the stuff you are messing with is taken care with the
    connectcomputer wizard (this should take care of making the user part of the
    appropiate *local* groups in the TS box). I suggest you use it... you can
    find very detailed information here:
    http://download.microsoft.com/download/7/5/2/75219da3-8c11-496c-978f-e6892762e874/ADS_TermServ.doc

    --
    Javier [SBS MVP]
    www.msmvps.com/javier
    << SBS ROCKS!!! >>

     
    Javier Gomez [SBS MVP], Dec 2, 2004
    #4

    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Similar Threads

  1. SBS 2k3 to SBS 2k3 Hardware upgrade.

  2. Can someone point me to a step by step to forklift 2K3 SBS exchg to 2K3 SBS exch ?

  3. Office XP on Term Serv 2k3 - permissions?

  4. SBS 2k3 to SBS 2k3 on a different computer

  5. FRS on Win Serv 2K3 R2 and Win Serv 2k3 R2 x64

  6. Do i need windows 8 security updates???

  7. How do I get the disk drive serial number in filter driver?

Loading...