Accessing Terminal Services Using New User Rights Options

Support for Windows Server 2003 ended on July 14, 2015

Microsoft ended support for Windows Server 2003 on July 14, 2015. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

This article was previously published under Q278433
This article describes new options that you can use to assign user rights in Windows that affect the Terminal Services feature.
Windows Server 2003 includes the following new User Rights options:
  • Allow logon through Terminal Services
  • Deny logon through Terminal Services
You can use these options to change the set of permissions a user must have to establish a Terminal Services session.

To establish a Terminal Services session, a user must have the following permissions:
  • Allow logon through Terminal Services To grant a user these permissions, start the Group Policy snap-in, open the Local Security Policy or the appropriate Group Policy, and then navigate to the following location:
    Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment
  • Allow logon to Terminal Server

    To grant a user these permissions, start either the Active Directory Users and Computers snap-in or the Local Users And Groups snap-in, open the user's properties, click the Terminal Services Profile tab, and then click to select the Allow logon to Terminal Server check box.
  • Guest Access: Logon to the RDP-TCP connection

    To grant guests Logon rights to the RDP-TCP connection, start the Terminal Services Configuration snap-in, edit the RDP-TCP so that the guest has at least Logon rights.
The pivotal difference between Windows 2000 and Windows Server 2003 is the "Allow logon through Terminal Services" user right. When you grant this user right, you no longer have to grant the user the Log on locally right (this was a requirement in Windows 2000). In Windows Server 2003, it is possible for a user to establish a Terminal Services session to a particular server, but not be able to log on to the console of that same server.

Article ID: 278433 - Last Review: 02/28/2007 21:59:56 - Revision: 5.4

Microsoft Windows Server 2003, Enterprise Edition (32-bit x86), Microsoft Windows Server 2003, Standard Edition (32-bit x86)

  • kbenv kbinfo kbtermserv KB278433