Terminal Server User Access Permissions

Ketika saya sudah melakukan install Terminal Server pada OS Windows Server 2003 X64 ternyata terdapat error "To log on to this remote computer, you must have Terminal Server User Access permissions on this computer. By default, members of the Remote Desktop Users group have these permissions. If you are no a member of the Remote Desktop Users group or another group that has these permissions, or if the Remote Desktop User group does not have these permissions, you must be granted these permissions manually." dengan gambar seperti dibawah ini :

Solusinya yaitu :


1. Masuk ke Terminal Server Configuration
2. Klik kanan RDP-TCP, kemudian Properties
3. Pilih tab "Permissions"
4. Klik Add, masukan nama User / Group User yang diperbolehkan melakukan akses.
5. Check list Allow Full Control User / Group User yang baru ditambahkan.

Source: Mbah Google

Demikian, dan berhasil :)

Error Firewall IPNat.sys

Masalah ini terjadi ketika Server tidak bisa diakses oleh Computer lain, padahal melalui Server tersebut akses ke ip terdapat folder-folder yang disharing. Dan computer lain tidak bisa melakukan ping ke server.
Solusinya :
1. Klik kanan My Computer>Manager>Services and Applications>Services.
2. Disable Routing and Remote Access service
3. Setting ulang Gateway pada TCP/IP
4. Jika diperlukan lakukan "Repair"
5. Masuk CMD dan jalankan perintah "ipconfig /flushdns"
Beres deh.

Found this tidbit while researching this problem:
Can't enable windows Firewall on a RRAS server - Windows firewall cannot run because another program or service is running that might use the network address translation component (Ipnat.sys)
Situation: one of our clients could not get the windows Firewall to work. Whenever they tried to start the Windows Firewall, they received the following message: "Windows firewall cannot run because another program or service is running that might use the network address translation component (Ipnat.sys).

What they tried:

They event tried to stop the RRAS but got the same result. They finally make it work by disabling the RRAS.

Recommendation: It is not recommended to use Windows Firewall on a RRAS server. If you use the server as a router, you should enable NAT; if you use the server as VPN, you should have another firewall. If, for some reasons, you do want to enable Windows Firewall in the Windows 2003, you may need to disable the RRAS. To do that, right-click on My Computer>Manager>Services and Applications>Services. Disable Routing and Remote Access service

When I disabled RRAS, I could get into my Firewall settings. I then shut off my firewall and re-configured RRAS.

Sukses bro...

Windows Cannot Set The Password

When you are adding users to a Windows Server 2003 you receive a message

Titled: Active Directory

And the stop message:
Windows cannot set the password for because: The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements.

---

Your IT experience should have taught you a few things:
1: Computers need to be more secure.
2: Users don't want to deal with security.
(More specifically they don't want to enter in difficult passwords.)

---

By default Windows Server 2003 requires passwords to meet the following criteria for strong passwords.

• Has at least 6 characters
• Does not contain "Administrator" or "Admin"
• Contains characters from three of the following categories:
  • Uppercase letters (A, B, C, and so on)
  • Lowercase letters (a, b, c, and so on)
  • Numbers (0, 1, 2, and so on)
  • Non-alphanumeric characters (#, &, ~, and so on)

Caution: Loosening password restrictions decreases security.

---

Select Domain Security Policy from Administrative Tools.

---

Click on Security Settings > Account Policies > Password Policy.

Right-click on Minimum password length in the right pane.

Click Properties from the context menu.

---

Do not remove the check from the Define this policy setting checkbox!

Enter a new minimum password length. Entering a Zero (0) will remove the password requirement.

Click the OK button.

---

Double-click on Passwords must meet complexity requirements in the right pane.

---

Do not remove the check from the Define this policy setting checkbox!

Select the Disabled option.
(This will allow simpler passwords.)

Click the OK button.

---

Close the Default Domain Security Settings window.

---

Now, you need to put the new Password Policy into effect.


Click Start > Run...

Type cmd into the Open: input box.

Click the OK button.

---

Type gpupdate /force at the Command Prompt.

Press the [Enter] key.

Type exit.

Press the [Enter] key.

---

Process complete

Source: tacktech.com


Yup sangat sukses, error dapat diatasi :)

How to Crack Terminal Services

HOW TO RESET WINDOWS TERMINAL SERVICES 3 MONTH TRIAL
Warning: greyhat content.

Thanks to a Microsoft article, I've found out that it is very easy to extend your Windows Terminal Services 3-month trial or experience time. It's so easy that I'm sure many administrators have done this in their own systems, while waiting for their managers or financial staff to buy the definitive licenses (not being hypocrite here).

Following these instructions, you don't have to crack any program. You won't mess with your system. The magic is to only delete the licenses databases both in the server and the clients, and let windows re-create them for you.

----

Make sure you've installed "Terminal Services Licensing". By the way, this method only makes sense if you need to use Terminal Services in Application Mode, which is the one that requires licensing.

The idea is quite simple.

First, disconnect all users from the terminal. If you need to do this remotely, you can also disconnect yourself, and access the files remotely.

1. Go to %WINDIR%\system32\lserver
2. Notice the file TSLIC.edb. Rename it to tslic.old
3. In every client computer, remove the CAL TS registry keys, located at:
4. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSLicensing
5. Restart your server.

Finally, if you need more information about how to crack terminal services, go check at Microsoft's web site. See the "Cause 2" steps. :-)

Shouldn't MS improve the security for TS Licensing in the next versions of Windows (2003 with SP1 is also easy to "crack")?

PS> I am definitely against software piracy. I strongly believe that Microsoft should strength their anti-piracy policy. Only then they could theoretically lower their licensing prices. The biggest result, though, would be a huge increase of free software popularity. Only then we, FOSS proponents, would have the opportunity to prove our paradigm is superior (now I'm being hypocrite, I guess).

UPDATE: Since Windows 2003, instead of following the complex process above, you can just switch to "Per User" mode. As long as you have a TS Licensing server up, it should work, even if you don't have license. If that's not the case please leave a comment below.

Terminal Server User Access permissions

Sudden "...you must have Terminal Server User Access permissions on this computer." Error.

I have a Small Business Server 2003 R2 Server running Team Foundation Server tucked out of the way to conserve desk space (three servers, two clients, two desks: not much space).  I don't have it hooked up to a monitor (one: don't have that many monitors, and two: desk space).  So, I've been merrily using Remote Desktop Connection (RDC) in Windows XP to connect to this server to perform my various administration tasks (like install service packs, hot fixes, etc.).
Well, I finally had a couple of cycles to install some hotfixes for the new daylight savings time changes to various components, so I sparked up RDC to get the ball rolling on my server--as I have done many times before.  I was greeted with a message box as I logged in:

To log on to this remote computer, you must have Terminal Server User Access Permissions on this computer. By default, members of the Remote Desktop group have these permissions. If you are not a member of the Remote Desktop Users group or another group that has these permissions, or if the Remote Desktop User group does not have these permissions, you must be granted these permissions manually.

Needless to say I was dumbfounded--it worked fine yesterday.  After a bit of searching, it appears it was the 120 day anniversary of creating this server and Terminal Server (which is what is used for an application server in Small Business Server) had "expired" (i.e. its grace period for CALs had expired).  I was used to installing Windows Server and setting up Terminal Server for remote administration (there was a setting for that in Windows Server, I honestly don't remember what Small Business Server asked me when I installed; it certainly wasn't clear it was different the other Windows Server installation processes).  Apparently I missed the memo that remote administration is now called "Remote Desktop".  Clearly a WTF moment.
As it turns out, the hoops to get back to the ability of remote administration aren't clearly documented (I actually couldn't find any documentation on the process, I actually inferred the process from various non-Microsoft sources--there could be documentation somewhere, I just didn't find it).  The process requires that Terminal Server be uninstalled, the server rebooted, and Remote Desktop be re-enabled.  A point-list of the steps:

1. Run Add/Remove Programs (run "appwiz.cpl")
2. Click Add/Remove Windows Components (Alt-W)
3. Uncheck Terminal Server
4. Press Next>.
5. Follow instructions, including rebooting.
6. Open System control panel applet (run "sysdm.cpl")
7. Click Remote tab.
8. Check Enable Remote Desktop on this computer. (because removing Terminal Server disables this)
9. Click Select Remote Users...
10. Make sure administrators is in the list.
11. Click OK.
12. Click OK. for the next dialog.
13. Wait a few minutes for things to get up and running and you're no ready for remote administration again.

I hope this helps someone get back up and running faster than I did...
 
Source: PeterRitchie