posted from TechNet

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Allow log on through Terminal Services


This security setting determines which users or groups have permission to log on as a Terminal Services client.


  • On workstation and servers: Administrators, Remote Desktop Users.
  • On domain controllers: Administrators.

Configuring this security setting

You can configure this security setting by opening the appropriate policy and expanding the console tree as such: Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesUser Rights Assignment

For specific instructions about how to configure security policy settings, see Edit security settings on a Group Policy object.


  • This setting does not have any effect on Windows 2000 computers that have not been updated to Service Pack 2.




Edit security settings on a Group Policy object

Updated: January 21, 2005

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2


To edit a security setting on a Group Policy object

Choose the appropriate environment for which you want to edit a security setting:

For your local computer

  1. Open Local Security Settings.


  2. In the console tree, click Security Settings.


  3. Do one of the following:
    • To edit Password Policy or Account Lockout Policy, click Account Policies.


    • To edit an Audit Policy, a User Right Assignment, or Security Options, click Local Policies.


  4. Double-click the security setting in the details pane that you want to modify.


  5. Modify the security setting, and then click OK.



  • To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.


  • To open Local Security Policy, click Start, point to Settings, click Control Panel, double-click Administrative Tools, and then double-click Local Security Policy.


For a Group Policy object, when you are on a workstation or server that is joined to a domain.

  1. On the taskbar, click Start, point to Run, type mmc, and then click OK.


  2. In the console, on the File menu, click Add/Remove snap-in.


  3. In Add/Remove Snap-in, click Add, and then, in Add Standalone Snap-in, double-click Group Policy Object Editor.


  4. In <
2018-03-15T14:25:43-04:00February 7th, 2010|0 Comments

Leave A Comment