Issue after establishing a 2-way trust between 2 forests

Thank you again every thing I am doing it actually.

Best Regards

"Meinolf Weber [MVP-DS]" wrote:

> Hello vdz,
>
> Use restricted groups with GPO of course. This article describes in detail
> how to configure it:
> http://www.frickelsoft.net/blog/?p=13
>
> Keep atttention of the parts "Members of this group" and "This group is a
> member of".
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
> > Hello Meinolf,
> >
> > One more question pls, as you know that I had to manually assign the
> > local admin to each user on each their PC, is there any ways/scripts
> > to remove this automatically? therefor I don't have remove one by one
> > manually.Thanks
> >
> > Regards,
> >
> > "vdz" wrote:
> >
> >> Hello Meinolf,
> >>
> >> Thought I'd let you know a new good news, they can logon without
> >> local admin. Briefly, somehow all the appropriate users in "allow log
> >> on locally" were removed.
> >>
> >> All good now.
> >>
> >> Much appreciated.
> >> I think it worked because of your wish .
> >> Regards
> >>
> >> "Meinolf Weber [MVP-DS]" wrote:
> >>
> >>> Hello vdz,
> >>>
> >>> I assume that account is deleted, so you can normally remove it.
> >>>
> >>> Well, that's easy good luck.
> >>>
> >>> Best regards
> >>>
> >>> Meinolf Weber
> >>> Disclaimer: This posting is provided "AS IS" with no warranties, and
> >>> confers
> >>> no rights.
> >>> ** Please do NOT email, only reply to Newsgroups
> >>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> >>>> Hello Meinolf
> >>>>
> >>>> Yes you r right about Guest and users account in default DC policy.
> >>>> I
> >>>> already removed them.
> >>>> With the SID issue, I used the sidtoname as per your suggestion.
> >>>> But
> >>>> it does
> >>>> not resolve the SID in "allow logon locally".
> >>>> Thanks again for your help, I have to wait until tomorrow to see if
> >>>> they can logon without local admin. Wish me luck
> >>>> kind regards
> >>>>
> >>>> "Meinolf Weber [MVP-DS]" wrote:
> >>>>
> >>>>> Hello vdz,
> >>>>>
> >>>>> In the Default domain controllers policy i would nopt have the
> >>>>> users and guests. Normally there is no need for them to logon to a
> >>>>> DC, espcially GUESTS.
> >>>>>
> >>>>> The long number is a SID if starting with
> >>>>> S-1-5xxxxxxxxxxxxxxxxxxxxxxxxxxxx, this will be shown if there is
> >>>>> a deleted account from the database, the SID's will then be shown
> >>>>> instead of the name.
> >>>>>
> >>>>> This can help you to resolve SID's:
> >>>>> http://www.joeware.net/freetools/tools/sidtoname/index.htm Best
> >>>>> regards
> >>>>>
> >>>>> Meinolf Weber
> >>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
> >>>>> and
> >>>>> confers
> >>>>> no rights.
> >>>>> ** Please do NOT email, only reply to Newsgroups
> >>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> >>>>>> Hello Meinolf
> >>>>>>
> >>>>>> Thanks again for your help,
> >>>>>> I had a closer look at all GPOs in use again.
> >>>>>> Here is what I found:
> >>>>>> in default domain controller policy
> >>>>>> "Allow log on locally" is defined and including Administrators,
> >>>>>> users,
> >>>>>> guests, backup operators, server operators etc...
> >>>>>> In default domain policy
> >>>>>> "Allow log on locally" is defined but only including
> >>>>>> Administrators
> >>>>>> and
> >>>>>> another account which is a long number, that is all. So I am
> >>>>>> going
> >>>>>> to
> >>>>>> add
> >>>>>> appropriate users to see if it works.
> >>>>>> Regards,
> >>>>>> vdz
> >>>>>> "Meinolf Weber [MVP-DS]" wrote:
> >>>>>>> Hello vdz,
> >>>>>>>
> >>>>>>> I am really sure that has nothing to do with the trust. Then it
> >>>>>>> should appear if you remove the trust, which doesn't help as you
> >>>>>>> said.
> >>>>>>>
> >>>>>>> Sounds for me still like policy issue. I would go back to the
> >>>>>>> default user account settings/policy, without adding them to
> >>>>>>> remote desktop users group or "Allow logon to TS" etc. Seems for
> >>>>>>> me that the "allow logon locally" setting is now configured only
> >>>>>>> for the servers and removed/overrides the ability to logon to
> >>>>>>> their local machines.
> >>>>>>>
> >>>>>>> Best regards
> >>>>>>>
> >>>>>>> Meinolf Weber
> >>>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
> >>>>>>> and
> >>>>>>> confers
> >>>>>>> no rights.
> >>>>>>> ** Please do NOT email, only reply to Newsgroups
> >>>>>>> ** HELP us help YOU!!!
> >>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
> >>>>>>>> Hello Meinolf,
> >>>>>>>>
> >>>>>>>> Yes the problem is at their end, they logon locally and "log
> >>>>>>>> on to" their domain that was the first thing I told them to
> >>>>>>>> check. I did check every single GPO in use, I also added a
> >>>>>>>> particular user to "Allow log on locally" and asked her to
> >>>>>>>> logon to her PC, she could not at all, but weird thing I can
> >>>>>>>> log on as her (her username and password) using RDC on her PC.
> >>>>>>>> And I eventually removed the 2-way trust but the issue still
> >>>>>>>> persists.
> >>>>>>>>
> >>>>>>>> I ran out of clues, thanks a lot for your help so far.
> >>>>>>>>
> >>>>>>>> Regards
> >>>>>>>> "Meinolf Weber [MVP-DS]" wrote:
> >>>>>>>>> Hello vdz,
> >>>>>>>>>
> >>>>>>>>> Just to be sure, you did check the policy in the problem
> >>>>>>>>> domain and the users trying to logon are also from the OTHER
> >>>>>>>>> domain logging on THEIR domain?
> >>>>>>>>>
> >>>>>>>>> Also check this:
> >>>>>>>>> Computer Configuration\Windows Settings\Security
> >>>>>>>>> Settings\Local
> >>>>>>>>> Policies\User
> >>>>>>>>> Rights Assignment, "Log on locally"
> >>>>>>>>> by default, Administrators, Backup Operators, Power Users,
> >>>>>>>>> Users,
> >>>>>>>>> and
> >>>>>>>>> Guest should be available to logon locally.
> >>>>>>>>> You have to check all GPO's in use not only the default one's.
> >>>>>>>>> Best regards
> >>>>>>>>> Meinolf Weber
> >>>>>>>>> Disclaimer: This posting is provided "AS IS" with no
> >>>>>>>>> warranties,
> >>>>>>>>> and
> >>>>>>>>> confers
> >>>>>>>>> no rights.
> >>>>>>>>> ** Please do NOT email, only reply to Newsgroups
> >>>>>>>>> ** HELP us help YOU!!!
> >>>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
> >>>>>>>>>> Hello Meinolf,
> >>>>>>>>>>
> >>>>>>>>>> I did check this GPO but they are not defined (both Default
> >>>>>>>>>> domain policy and default domain controller policy). The CEO
> >>>>>>>>>> at their end seems not to be happy at all.
> >>>>>>>>>>
> >>>>>>>>>> Regards,
> >>>>>>>>>>
> >>>>>>>>>> "Meinolf Weber [MVP-DS]" wrote:
> >>>>>>>>>>
> >>>>>>>>>>> Hello vdz,
> >>>>>>>>>>>
> >>>>>>>>>>> If they get the error message on there local computer, when
> >>>>>>>>>>> trying to logon with domain user account, password and
> >>>>>>>>>>> choosing there OWN domain in "Logon to", check that none GPO
> >>>>>>>>>>> in the domain is configured with "Deny logon locally".
> >>>>>>>>>>>
> >>>>>>>>>>> Best regards
> >>>>>>>>>>>
> >>>>>>>>>>> Meinolf Weber
> >>>>>>>>>>> Disclaimer: This posting is provided "AS IS" with no
> >>>>>>>>>>> warranties,
> >>>>>>>>>>> and
> >>>>>>>>>>> confers
> >>>>>>>>>>> no rights.
> >>>>>>>>>>> ** Please do NOT email, only reply to Newsgroups
> >>>>>>>>>>> ** HELP us help YOU!!!
> >>>>>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
> >>>>>>>>>>>> Hello Meinolf,
> >>>>>>>>>>>>
> >>>>>>>>>>>> Sorry for confusion.
> >>>>>>>>>>>> They can logon Terminal Server using RDC, they have no
> >>>>>>>>>>>> problems
> >>>>>>>>>>>> with
> >>>>>>>>>>>> this
> >>>>>>>>>>>> logon,
> >>>>>>>>>>>> They did have the problem with logon on their PCs and I had
> >>>>>>>>>>>> to
> >>>>>>>>>>>> assign
> >>>>>>>>>>>> each
> >>>>>>>>>>>> users to local administrator of his/her PC.
> >>>>>>>>>>>> What I meant was that because they have the TS up and
> >>>>>>>>>>>> running
> >>>>>>>>>>>> and
> >>>>>>>>>>>> users have
> >>>>>>>>>>>> logon to this TS, somehow it might cause this issue.
> >>>>>>>>>>>> At my end, I have done a trust between 2 forests before
> >>>>>>>>>>>> with
> >>>>>>>>>>>> another
> >>>>>>>>>>>> partner, we did not have any issues and we did not have TS.
> >>>>>>>>>>>> Thanks a lot
> >>>>>>>>>>>> Regards
> >>>>>>>>>>>> "Meinolf Weber [MVP-DS]" wrote:
> >>>>>>>>>>>>> Hello vdz,
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> On which of them did they have the problem, please give
> >>>>>>>>>>>>> some more detail's? Or did they logon to the DC for work,
> >>>>>>>>>>>>> same for exchange?
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Or did they work only on the TS? If that is the case, did
> >>>>>>>>>>>>> they use the correct amount of TS Client access licenses?
> >>>>>>>>>>>>> Which mode is the TS running, application or remote
> >>>>>>>>>>>>> administration?
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Best regards
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Meinolf Weber
> >>>>>>>>>>>>> Disclaimer: This posting is provided "AS IS" with no
> >>>>>>>>>>>>> warranties,
> >>>>>>>>>>>>> and
> >>>>>>>>>>>>> confers
> >>>>>>>>>>>>> no rights.
> >>>>>>>>>>>>> ** Please do NOT email, only reply to Newsgroups
> >>>>>>>>>>>>> ** HELP us help YOU!!!
> >>>>>>>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
> >>>>>>>>>>>>>> they have:
> >>>>>>>>>>>>>> 1X 2003 terminal server
> >>>>>>>>>>>>>> 1x 2003 DC
> >>>>>>>>>>>>>> 1x 2003 file server + Exchange 07
> >>>>>>>>>>>>>> Apparently they all have logon locally and remote desktop
> >>>>>>>>>>>>>> (Terminal
> >>>>>>>>>>>>>> services) as well where I think the issue lies on.
> >>>>>>>>>>>>>> Thanks a lot Meinolf
> >>>>>>>>>>>>>> Regards
> >>>>>>>>>>>>>> "Meinolf Weber [MVP-DS]" wrote:
> >>>>>>>>>>>>>>> Hello vdz,
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Where do they logon, sounds like on the server? Is that
> >>>>>>>>>>>>>>> a terminal server or domain controller or member server?
> >>>>>>>>>>>>>>> Are the users allowed to logon locally and in the
> >>>>>>>>>>>>>>> remote desktop user group?
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Best regards
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Meinolf Weber
> >>>>>>>>>>>>>>> Disclaimer: This posting is provided "AS IS" with no
> >>>>>>>>>>>>>>> warranties,
> >>>>>>>>>>>>>>> and
> >>>>>>>>>>>>>>> confers
> >>>>>>>>>>>>>>> no rights.
> >>>>>>>>>>>>>>> ** Please do NOT email, only reply to Newsgroups
> >>>>>>>>>>>>>>> ** HELP us help YOU!!!
> >>>>>>>>>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
> >>>>>>>>>>>>>>>> The local policy of this system does not permit you to
> >>>>>>>>>>>>>>>> logon interactively
> >>>>>>>>>>>>>>>>
>
>
>

 

Hello vdz,

You're welcome.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Thank you again every thing I am doing it actually.
>
> Best Regards
>
> "Meinolf Weber [MVP-DS]" wrote:
>
>> Hello vdz,
>>
>> Use restricted groups with GPO of course. This article describes in
>> detail
>> how to configure it:
>> http://www.frickelsoft.net/blog/?p=13
>> Keep atttention of the parts "Members of this group" and "This group
>> is a member of".
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers
>> no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> Hello Meinolf,
>>>
>>> One more question pls, as you know that I had to manually assign the
>>> local admin to each user on each their PC, is there any ways/scripts
>>> to remove this automatically? therefor I don't have remove one by
>>> one manually.Thanks
>>>
>>> Regards,
>>>
>>> "vdz" wrote:
>>>
>>>> Hello Meinolf,
>>>>
>>>> Thought I'd let you know a new good news, they can logon without
>>>> local admin. Briefly, somehow all the appropriate users in "allow
>>>> log on locally" were removed.
>>>>
>>>> All good now.
>>>>
>>>> Much appreciated.
>>>> I think it worked because of your wish .
>>>> Regards
>>>> "Meinolf Weber [MVP-DS]" wrote:
>>>>
>>>>> Hello vdz,
>>>>>
>>>>> I assume that account is deleted, so you can normally remove it.
>>>>>
>>>>> Well, that's easy good luck.
>>>>>
>>>>> Best regards
>>>>>
>>>>> Meinolf Weber
>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>>> and
>>>>> confers
>>>>> no rights.
>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>> Hello Meinolf
>>>>>>
>>>>>> Yes you r right about Guest and users account in default DC
>>>>>> policy.
>>>>>> I
>>>>>> already removed them.
>>>>>> With the SID issue, I used the sidtoname as per your suggestion.
>>>>>> But
>>>>>> it does
>>>>>> not resolve the SID in "allow logon locally".
>>>>>> Thanks again for your help, I have to wait until tomorrow to see
>>>>>> if
>>>>>> they can logon without local admin. Wish me luck
>>>>>> kind regards
>>>>>> "Meinolf Weber [MVP-DS]" wrote:
>>>>>>
>>>>>>> Hello vdz,
>>>>>>>
>>>>>>> In the Default domain controllers policy i would nopt have the
>>>>>>> users and guests. Normally there is no need for them to logon to
>>>>>>> a DC, espcially GUESTS.
>>>>>>>
>>>>>>> The long number is a SID if starting with
>>>>>>> S-1-5xxxxxxxxxxxxxxxxxxxxxxxxxxxx, this will be shown if there
>>>>>>> is a deleted account from the database, the SID's will then be
>>>>>>> shown instead of the name.
>>>>>>>
>>>>>>> This can help you to resolve SID's:
>>>>>>> http://www.joeware.net/freetools/tools/sidtoname/index.htm Best
>>>>>>> regards
>>>>>>>
>>>>>>> Meinolf Weber
>>>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>>>>> and
>>>>>>> confers
>>>>>>> no rights.
>>>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>>>> ** HELP us help YOU!!!
>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>>>> Hello Meinolf
>>>>>>>>
>>>>>>>> Thanks again for your help,
>>>>>>>> I had a closer look at all GPOs in use again.
>>>>>>>> Here is what I found:
>>>>>>>> in default domain controller policy
>>>>>>>> "Allow log on locally" is defined and including Administrators,
>>>>>>>> users,
>>>>>>>> guests, backup operators, server operators etc...
>>>>>>>> In default domain policy
>>>>>>>> "Allow log on locally" is defined but only including
>>>>>>>> Administrators
>>>>>>>> and
>>>>>>>> another account which is a long number, that is all. So I am
>>>>>>>> going
>>>>>>>> to
>>>>>>>> add
>>>>>>>> appropriate users to see if it works.
>>>>>>>> Regards,
>>>>>>>> vdz
>>>>>>>> "Meinolf Weber [MVP-DS]" wrote:
>>>>>>>>> Hello vdz,
>>>>>>>>>
>>>>>>>>> I am really sure that has nothing to do with the trust. Then
>>>>>>>>> it should appear if you remove the trust, which doesn't help
>>>>>>>>> as you said.
>>>>>>>>>
>>>>>>>>> Sounds for me still like policy issue. I would go back to the
>>>>>>>>> default user account settings/policy, without adding them to
>>>>>>>>> remote desktop users group or "Allow logon to TS" etc. Seems
>>>>>>>>> for me that the "allow logon locally" setting is now
>>>>>>>>> configured only for the servers and removed/overrides the
>>>>>>>>> ability to logon to their local machines.
>>>>>>>>>
>>>>>>>>> Best regards
>>>>>>>>>
>>>>>>>>> Meinolf Weber
>>>>>>>>> Disclaimer: This posting is provided "AS IS" with no
>>>>>>>>> warranties,
>>>>>>>>> and
>>>>>>>>> confers
>>>>>>>>> no rights.
>>>>>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>>>>>> ** HELP us help YOU!!!
>>>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>>>>>> Hello Meinolf,
>>>>>>>>>>
>>>>>>>>>> Yes the problem is at their end, they logon locally and "log
>>>>>>>>>> on to" their domain that was the first thing I told them to
>>>>>>>>>> check. I did check every single GPO in use, I also added a
>>>>>>>>>> particular user to "Allow log on locally" and asked her to
>>>>>>>>>> logon to her PC, she could not at all, but weird thing I can
>>>>>>>>>> log on as her (her username and password) using RDC on her
>>>>>>>>>> PC. And I eventually removed the 2-way trust but the issue
>>>>>>>>>> still persists.
>>>>>>>>>>
>>>>>>>>>> I ran out of clues, thanks a lot for your help so far.
>>>>>>>>>>
>>>>>>>>>> Regards
>>>>>>>>>> "Meinolf Weber [MVP-DS]" wrote:
>>>>>>>>>>> Hello vdz,
>>>>>>>>>>>
>>>>>>>>>>> Just to be sure, you did check the policy in the problem
>>>>>>>>>>> domain and the users trying to logon are also from the OTHER
>>>>>>>>>>> domain logging on THEIR domain?
>>>>>>>>>>>
>>>>>>>>>>> Also check this:
>>>>>>>>>>> Computer Configuration\Windows Settings\Security
>>>>>>>>>>> Settings\Local
>>>>>>>>>>> Policies\User
>>>>>>>>>>> Rights Assignment, "Log on locally"
>>>>>>>>>>> by default, Administrators, Backup Operators, Power Users,
>>>>>>>>>>> Users,
>>>>>>>>>>> and
>>>>>>>>>>> Guest should be available to logon locally.
>>>>>>>>>>> You have to check all GPO's in use not only the default
>>>>>>>>>>> one's.
>>>>>>>>>>> Best regards
>>>>>>>>>>> Meinolf Weber
>>>>>>>>>>> Disclaimer: This posting is provided "AS IS" with no
>>>>>>>>>>> warranties,
>>>>>>>>>>> and
>>>>>>>>>>> confers
>>>>>>>>>>> no rights.
>>>>>>>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>>>>>>>> ** HELP us help YOU!!!
>>>>>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>>>>>>>> Hello Meinolf,
>>>>>>>>>>>>
>>>>>>>>>>>> I did check this GPO but they are not defined (both Default
>>>>>>>>>>>> domain policy and default domain controller policy). The
>>>>>>>>>>>> CEO at their end seems not to be happy at all.
>>>>>>>>>>>>
>>>>>>>>>>>> Regards,
>>>>>>>>>>>>
>>>>>>>>>>>> "Meinolf Weber [MVP-DS]" wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Hello vdz,
>>>>>>>>>>>>>
>>>>>>>>>>>>> If they get the error message on there local computer,
>>>>>>>>>>>>> when trying to logon with domain user account, password
>>>>>>>>>>>>> and choosing there OWN domain in "Logon to", check that
>>>>>>>>>>>>> none GPO in the domain is configured with "Deny logon
>>>>>>>>>>>>> locally".
>>>>>>>>>>>>>
>>>>>>>>>>>>> Best regards
>>>>>>>>>>>>>
>>>>>>>>>>>>> Meinolf Weber
>>>>>>>>>>>>> Disclaimer: This posting is provided "AS IS" with no
>>>>>>>>>>>>> warranties,
>>>>>>>>>>>>> and
>>>>>>>>>>>>> confers
>>>>>>>>>>>>> no rights.
>>>>>>>>>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>>>>>>>>>> ** HELP us help YOU!!!
>>>>>>>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>>>>>>>>>> Hello Meinolf,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Sorry for confusion.
>>>>>>>>>>>>>> They can logon Terminal Server using RDC, they have no
>>>>>>>>>>>>>> problems
>>>>>>>>>>>>>> with
>>>>>>>>>>>>>> this
>>>>>>>>>>>>>> logon,
>>>>>>>>>>>>>> They did have the problem with logon on their PCs and I
>>>>>>>>>>>>>> had
>>>>>>>>>>>>>> to
>>>>>>>>>>>>>> assign
>>>>>>>>>>>>>> each
>>>>>>>>>>>>>> users to local administrator of his/her PC.
>>>>>>>>>>>>>> What I meant was that because they have the TS up and
>>>>>>>>>>>>>> running
>>>>>>>>>>>>>> and
>>>>>>>>>>>>>> users have
>>>>>>>>>>>>>> logon to this TS, somehow it might cause this issue.
>>>>>>>>>>>>>> At my end, I have done a trust between 2 forests before
>>>>>>>>>>>>>> with
>>>>>>>>>>>>>> another
>>>>>>>>>>>>>> partner, we did not have any issues and we did not have
>>>>>>>>>>>>>> TS.
>>>>>>>>>>>>>> Thanks a lot
>>>>>>>>>>>>>> Regards
>>>>>>>>>>>>>> "Meinolf Weber [MVP-DS]" wrote:
>>>>>>>>>>>>>>> Hello vdz,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On which of them did they have the problem, please give
>>>>>>>>>>>>>>> some more detail's? Or did they logon to the DC for
>>>>>>>>>>>>>>> work, same for exchange?
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Or did they work only on the TS? If that is the case,
>>>>>>>>>>>>>>> did they use the correct amount of TS Client access
>>>>>>>>>>>>>>> licenses? Which mode is the TS running, application or
>>>>>>>>>>>>>>> remote administration?
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Best regards
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Meinolf Weber
>>>>>>>>>>>>>>> Disclaimer: This posting is provided "AS IS" with no
>>>>>>>>>>>>>>> warranties,
>>>>>>>>>>>>>>> and
>>>>>>>>>>>>>>> confers
>>>>>>>>>>>>>>> no rights.
>>>>>>>>>>>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>>>>>>>>>>>> ** HELP us help YOU!!!
>>>>>>>>>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>>>>>>>>>>>> they have:
>>>>>>>>>>>>>>>> 1X 2003 terminal server
>>>>>>>>>>>>>>>> 1x 2003 DC
>>>>>>>>>>>>>>>> 1x 2003 file server + Exchange 07
>>>>>>>>>>>>>>>> Apparently they all have logon locally and remote
>>>>>>>>>>>>>>>> desktop
>>>>>>>>>>>>>>>> (Terminal
>>>>>>>>>>>>>>>> services) as well where I think the issue lies on.
>>>>>>>>>>>>>>>> Thanks a lot Meinolf
>>>>>>>>>>>>>>>> Regards
>>>>>>>>>>>>>>>> "Meinolf Weber [MVP-DS]" wrote:
>>>>>>>>>>>>>>>>> Hello vdz,
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Where do they logon, sounds like on the server? Is
>>>>>>>>>>>>>>>>> that a terminal server or domain controller or member
>>>>>>>>>>>>>>>>> server? Are the users allowed to logon locally and in
>>>>>>>>>>>>>>>>> the remote desktop user group?
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Best regards
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Meinolf Weber
>>>>>>>>>>>>>>>>> Disclaimer: This posting is provided "AS IS" with no
>>>>>>>>>>>>>>>>> warranties,
>>>>>>>>>>>>>>>>> and
>>>>>>>>>>>>>>>>> confers
>>>>>>>>>>>>>>>>> no rights.
>>>>>>>>>>>>>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>>>>>>>>>>>>>> ** HELP us help YOU!!!
>>>>>>>>>>>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>>>>>>>>>>>>>> The local policy of this system does not permit you
>>>>>>>>>>>>>>>>>> to logon interactively
>>>>>>>>>>>>>>>>>>