bbbngowc Posted July 7, 2009 Share Posted July 7, 2009 Hi,On our Windows 2003 Domain there seems to be a group policy or something that is disabling remote desktop connections to the servers. The option is disabled in the "Remote" tab of Computer Properties and so I have to go to the registry, manually changed the deny setting and then users can connect. But once the server updates it's locked out again. I went through all of the GPs on the Domain and I can't find anything related to Remote Desktop or Terminal Services. How can I find what is causing this to happen? Link to comment Share on other sites More sharing options...
cluberti Posted July 7, 2009 Share Posted July 7, 2009 Log into a server where the setting is disabled, and run rsop.msc to see what policies are being applied, and from where. If it's not a group policy, you'll probably have to use process monitor with a filter to watch that specific reg key to see who or what is overwriting it with the "bad" value (you can set it read only and remove everyone but your account's permission to the key holding the value as well, so that procmon catches an access denied rather than an overwrite - you catch the culprit, and the value doesn't get overwritten. Link to comment Share on other sites More sharing options...
PC_LOAD_LETTER Posted July 7, 2009 Share Posted July 7, 2009 I set the following in a GPo so youll wanna check these in rsop.mscComputer Configuration->Windows Settings->Security Settings->System ServicesTerminal Services (Startup Mode: Automatic)Computer Configuration->Windows Settings->Security Settings->Restricted GroupsGroup = USER/GROUP_YOU_WANT_TO_GRANT_ACCESS_REMOTELYMember of=BUILTIN\Remote Desktop UsersComputer Configuration->Administrative Templates->Windows Components/Terminal ServicesAllow users to connect remotely using Terminal Services->Enabled Link to comment Share on other sites More sharing options...
bbbngowc Posted July 9, 2009 Author Share Posted July 9, 2009 The problem is the "Local Group Policy" keeps setting the option to disabled. I went to gpedit.msc and changed the option back to "Not Configured" or "Enabled" however, in a matter of hours, this option is set to disabled again.How can I find the Local Group Policy that's causing this? Link to comment Share on other sites More sharing options...
cluberti Posted July 9, 2009 Share Posted July 9, 2009 The problem is the "Local Group Policy" keeps setting the option to disabled. I went to gpedit.msc and changed the option back to "Not Configured" or "Enabled" however, in a matter of hours, this option is set to disabled again.How can I find the Local Group Policy that's causing this?Assuming after the setting is reset, your local group policy is still set to 'Enabled', run rsop.msc to see what policy is setting it. If the local policy isn't (or wasn't the only policy setting it), you should be able to use rsop.msc (as I mentioned previously) to find it. Otherwise, you can try to run gpresult /z to try and find the culprit once the setting is disabled again. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now