Questions for you Active Directory Guru's

Bulldog13

Golden Member
Jul 18, 2002
1,655
1
81
We are using Windows Server 2000 and Active Directory 2000.

Basically, I want it so that all pcs have remote desktop enabled. As it is now, it s a mix between some having is enabled, some having it enabled without domain admins under it, and some just not having it enabled.

It's kind of annoying to have to have a user log under an admin account and enable it.

Is there a way through Active Directory and GPO to do this ? I did some googling and found a way that looked like it should have worked, but I was missing the option to enable it.
GPO -> Comp Config -> admin templates -> windows components -> terminal services . I did not find anything about enabling it.


Also, does anyone know how to set the dns / wins settings on login ?

 

tfinch2

Lifer
Feb 3, 2004
22,114
1
0
You should be able to do the opposite of this like you said you tried:

http://support.microsoft.com/kb/306300/en-us

As far as set dns/wins in login do in in the login script:

netsh -c interface ip set dns "Local Area Connection" 192.168.0.1
netsh -c interface ip set wins "Local Area Connection" 192.168.0.1

The 192 address is the address you want to make the dns/wins server and "Local Area Connection" is the name of the NIC
 

Bulldog13

Golden Member
Jul 18, 2002
1,655
1
81
That's the problem.

From your link,

"3. Double-click the Allow users to connect remotely using Terminal Services policy.
4. Set the policy to Enabled, and then click OK.".

The "Allow users to connect remotely" option is not there. Does anyone have an idea as to how to install it.

BTW, for your dns/wins answer...I appreciate it :) , Would I have to add extra lines for "Local Area Connection", would I also have to add "Local Area Connection 1" (etc) for extra LAN connections ?
 

tfinch2

Lifer
Feb 3, 2004
22,114
1
0
Originally posted by: Bulldog13
That's the problem.

From your link,

"3. Double-click the Allow users to connect remotely using Terminal Services policy.
4. Set the policy to Enabled, and then click OK.".

The "Allow users to connect remotely" option is not there. Does anyone have an idea as to how to install it.

BTW, for your dns/wins answer...I appreciate it :) , Would I have to add extra lines for "Local Area Connection", would I also have to add "Local Area Connection 1" (etc) for extra LAN connections ?

Yes.
 

KB

Diamond Member
Nov 8, 1999
5,406
389
126
I couldn't find the GP setting, but I found the reg entry:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
"fDenyTSConnections"=dword:00000000


Put this entry into a custom Group Policy, MSI, or send it out to all machines via SMS or Altiris.
 

stash

Diamond Member
Jun 22, 2000
5,468
0
0
^^That might be the only way to do it for 2000 clients.

There's an XP GPO, Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Do Not Allow New Client Connections that needs to be set to disabled. You can upgrade your 2000 GPO to the XP version by using the procedure in this article: http://support.microsoft.com/kb/q307900/

You might want to try that and see if it works on the 2000 clients if you have an XP box somewhere to upgrade the GPO.
 

stash

Diamond Member
Jun 22, 2000
5,468
0
0
Sorry, I pasted the wrong GPO. The one listed earlier in the thread is the one you want. It doesn't appear because you still need to upgrade the GPO to XP using the article I linked. But looking at the description for that GPO, it says it requires at least an XP client.

I would stick with setting fDenyTSConnections to 0 using a script of some kind. Or upgrade to XP ;)