views:

1886

answers:

0

I have a room with (4) Windows 2003 x86_64 systems running over a LAN. The domain controller is running Active Directory, which is enforcing a global security policy. Admins are able to remote into the domain server. Domain users are not. Domain users are members of one group, the Domain Users group. Under the global policy the following is set.

DENY Network Access | Enabled | SUPPORT Allow Logon Through Terminal Services | Enabled | Domain Users Deny Logon Through Terminal Services | Disabled

The Remote Desktop Users group has been removed.

When users attempt to log in over Remote Desktop they are given the obligatory error message stating that they need to be a member of the Remote Desktop Users group or have the Allow Logon Through Terminal Services setting.

Considering that this setting is enabled for their group, any thoughts on what could be preventing this access?