I have successfully added a WS2008 R1 Domain Controller to our existing W2000 Active Directory domain (using "adprep /forestprep" and then "adprep /domainprep / gpprep" to prepare the domain before joining) and all seems to be working well. Ultimately I will be turning off the W2000 Server so this server also needs to run Terminal Services, which also works well to a point: it will not allow Domain Users to connect using RDP (Admins can link fine).
Standard advice is to add users to the 'Remote Desktop Users' group, but there is no such group in my Active Directory.
I have tried various other avenues as I have hunted the web for assistance:
- I have added Domain Users in the WS2008 Local Security Policy: Security Settings\User Rights Assignment\Allow log on through Terminal Services;
- Ws2008: Remote System Properties are set to 'Allow connections from computers running any version of Remote Desktop';
- I have checked my Remote Desktop client is not running with the /admin switch (it isn't);
- I have installed the latest RD Client from Miscrosoft (here: http://www.microsoft.com/en-us/download/confirmation.aspx?id=20609) on my XP-Pro PC;
- I have also added Domain Users and Domain Admins in Group Policies on the 2008 server(Default Domain Controller\Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Allow log on through Terminal Services).
I am stuck. I don't want to give my users Admin rights, but don't know what else to do. Can anyone shed any light on this for me?
ps: At the moment the W2000 server is the Operations Master for the AD domain; I don't know if that makes any difference.
Many Thanks,
Tony