I have set up Terminal Services on Windows 2003, which is part of the domain. That server is not a DC. It has only one role: Terminal Server.
When I try to log in to it via RDP as a Domain Administrator or any other user in the Domain Admins group, it works fine and allows me to work.
However, when I try to RDP in with members of the "Domain Users" group, I get:
"Remote Desktop Connection Denied because the user account is not authorized for remote login"
I have set local policies and allowed Domain Users (Allow logon through Remote Desktop Services) and the Deny login through Remote Desktop Services is not configured.
I also tried adding certain users to the Builtin Remote Desktop Users group, with no luck.
Please help!
Create a group policy that uses the restricted groups feature to place "Domain Users" in the "Remote Desktop Users" group. Apply that policy to your server, overriding the local policy. Log in as domain admin and make sure the policy refreshes. When you examine the remote desktop users group, verify that "domain users" has been placed in this group. Now, log off and test as one of your domain users.
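A way to check the outcome of the steps in the answer above from a command prompt on the terminal server, as an added example that is not part of the original answer. It assumes an administrator session on the server and uses only built-in tools (`gpupdate`, `net localgroup`, `secedit`); the temporary file name is an arbitrary choice.

```bat
@echo off
rem Added example: verify the Restricted Groups policy took effect.
rem Run on the terminal server itself, as an administrator.

rem 1. Re-apply computer Group Policy so the new GPO is processed now.
gpupdate /target:computer /force

rem 2. Check the local group. A domain group is listed as DOMAIN\Domain Users.
net localgroup "Remote Desktop Users" | findstr /i /c:"Domain Users" >nul
if errorlevel 1 (
    echo MISSING: Domain Users is not in Remote Desktop Users
) else (
    echo OK: Domain Users is in Remote Desktop Users
)

rem 3. Export the effective user rights and show the allow/deny RDP logon rights.
rem    SIDs are printed with a leading *, for example:
rem    *S-1-5-32-544 = Administrators, *S-1-5-32-555 = Remote Desktop Users.
rem    secedit writes a Unicode file, so pipe it through "type" for findstr.
secedit /export /cfg "%TEMP%\rights.inf" /areas USER_RIGHTS >nul
type "%TEMP%\rights.inf" | findstr /i "SeRemoteInteractiveLogonRight SeDenyRemoteInteractiveLogonRight"
del "%TEMP%\rights.inf"
```

If step 2 reports the group as missing after the refresh, the GPO is not being applied to the server's computer object; if step 3 prints a deny line containing a group the test user belongs to, the deny right takes precedence over the allow right.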
It's possible to set a computer so that a specific level of privileges is required to log on to it at all, regardless of whether it's in person or from Remote Desktop. I can't find a link right now, but I believe there's a Group Policy that applies to domain controllers which enforces this limitation. You should be able to change that policy to either add a new group (and put this person in it), add this person directly, or remove the restriction entirely and allow anybody to log in.