posted from TechNet
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Allow log on through Terminal Services
Description
This security setting determines which users or groups have permission to log on as a Terminal Services client.
Default:
- On workstation and servers: Administrators, Remote Desktop Users.
- On domain controllers: Administrators.
Configuring this security setting
You can configure this security setting by opening the appropriate policy and expanding the console tree as such: Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesUser Rights Assignment
For specific instructions about how to configure security policy settings, see Edit security settings on a Group Policy object.
Important
- This setting does not have any effect on Windows 2000 computers that have not been updated to Service Pack 2.
Updated: January 21, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
To edit a security setting on a Group Policy object
Choose the appropriate environment for which you want to edit a security setting:
- For your local computer
- For a Group Policy object, when you are on a workstation or server that is joined to a domain.
- For a Group Policy object, when you are on a domain controller or on a workstation that has the Windows Server 2003Administration Tools Pack installed.
- For only domain controllers, when you are on a domain controller.
For your local computer
- Open Local Security Settings.
- In the console tree, click Security Settings.
- Do one of the following:
- To edit Password Policy or Account Lockout Policy, click Account Policies.
- To edit an Audit Policy, a User Right Assignment, or Security Options, click Local Policies.
- Double-click the security setting in the details pane that you want to modify.
- Modify the security setting, and then click OK.
Notes
- To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.
- To open Local Security Policy, click Start, point to Settings, click Control Panel, double-click Administrative Tools, and then double-click Local Security Policy.
For a Group Policy object, when you are on a workstation or server that is joined to a domain.
- On the taskbar, click Start, point to Run, type mmc, and then click OK.
- In the console, on the File menu, click Add/Remove snap-in.
- In Add/Remove Snap-in, click Add, and then, in Add Standalone Snap-in, double-click Group Policy Object Editor.
- In <