Help and Support
 

powered byLive Search

Remote Administration of Terminal Services by Non-Administrators Accounts

View products that this article applies to.
Article ID:253831
Last Review:March 8, 2007
Revision:2.3
This article was previously published under Q253831

SYMPTOMS

Terminal Services running in Remote Administration mode is designed to be used for remotely managing servers. Remote Administration mode does not require client licensing and is limited to two simultaneous connections. Groups that typically manage servers, such as Server Operators, are not included in the default RDP-TCP permissions, and therefore cannot log on. When a user who is not an administrator tries to log on, the user receives the following error message:
Logon Message

You do not have access to logon to this Session.

OK

Back to the top

CAUSE

Members of the Administrators group are the only accounts with default permissions to log on to a Terminal Services-based server in Remote Administration mode. The System service account appears in the list also, but is not used for user access.

Back to the top

RESOLUTION

You can give additional groups and users logon permissions. The members of the Server Operators group, for example, would then be able to log on and manage the Terminal Services-based server without having to be a member of the Administrators group. To add additional groups or users:
1.Click Start, point to Programs, point to Administrative Tools, and then click Terminal Services Configuration.
2.in the tree in the left pane, click Connections.
3.Click the RDP-TCP connection in the right pane, and then click Properties on the Action menu.
4.Click the Permissions tab.

NOTE: Only Administrator and System accounts appear.
5.Click Add. Search for the groups or users that are appropriate for your Terminal Services management (such as the Server Operators group). Click Add to place them in the bottom pane. Click OK.

NOTE: The Server Operators group appears in the RDP-TCP properties; the permissions in the bottom pane are not enough to manage the server because only Guest Access is selected by default.
6.Click to select the User Access check box for basic tasks or both the User Access and Full Control check boxes to fully manage the server, and then click Apply.
7.Click OK.
8.Test by logging on the accounts in the Server Operators group.

Back to the top

STATUS

This behavior is by design.

Back to the top

MORE INFORMATION

Only two concurrent logons to a Terminal Services-based server are allowed. This is not changed by adding additional groups to the allowable logon list. Remote Administration mode is not designed for users to log on and use programs. Install Terminal Services in Application Server mode for this type of usage.

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
246109 (http://support.microsoft.com/kb/246109/EN-US/) Error Messages Generated When Logging on with Terminal Services Client
243554 (http://support.microsoft.com/kb/243554/EN-US/) Explanation of RDP-TCP Permissions in Windows 2000

Back to the top

APPLIES TO
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server

Back to the top

Keywords: 
kbenv kbprb kbtermserv KB253831

Back to the top

Article Translations

 

Related Support Centers

Other Support Options

  • Need More Help?
    Contact a Support professional by E-mail, Online or Phone.
  • Customer Service
    For non-technical assistance with product purchases, subscriptions, online services, events, training courses, corporate sales, piracy issues, and more.
  • Newsgroups
    Pose a question to other users. Discussion groups and Forums about specific Microsoft products, technologies, and services.