Terminal-Server

終端伺服器 2008 登錄:在 RDP 嘗試時訪問被拒絕

  • June 28, 2012

當我嘗試將 RDP 連接到 Server 2008 終端伺服器時,我收到一條消息,上面寫著“拒絕訪問”和一個確定按鈕。我正確設置了許可模式(每個使用者),並且還設置了允許所有遠端連接。我在安全事件日誌中得到以下資訊:

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          28/06/2012 12:01:16
Event ID:      4656
Task Category: File System
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      FQDN COMPUTER 
Description:
A handle to an object was requested.

Subject:
   Security ID:        DOMAIN\ACCOUNT
   Account Name:       ACCOUNT
   Account Domain:     DOMAIN
   Logon ID:       0xbbe3f

Object:
   Object Server:      Security
   Object Type:        File
   Object Name:        C:\Windows\System32\ServerManager.msc
   Handle ID:      0x0

Process Information:
   Process ID:     0x60c
   Process Name:       C:\Windows\System32\mmc.exe

Access Request Information:
   Transaction ID:     {00000000-0000-0000-0000-000000000000}
   Accesses:       READ_CONTROL
               SYNCHRONIZE
               WriteData (or AddFile)
               AppendData (or AddSubdirectory or CreatePipeInstance)
               WriteEA
               ReadAttributes
               WriteAttributes

   Access Reasons:     READ_CONTROL:   Granted by  D:(A;;0x1200a9;;;BA)
               SYNCHRONIZE:    Granted by  D:(A;;0x1200a9;;;BA)
               WriteData (or AddFile): Not granted
               AppendData (or AddSubdirectory or CreatePipeInstance):  Not granted
               WriteEA:    Not granted
               ReadAttributes: Granted by ACE on parent folder D:(A;;0x1301bf;;;BA)
               WriteAttributes:    Not granted

   Access Mask:        0x120196
   Privileges Used for Access Check:   -
   Restricted SID Count:   0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System>
   <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
   <EventID>4656</EventID>
   <Version>1</Version>
   <Level>0</Level>
   <Task>12800</Task>
   <Opcode>0</Opcode>
   <Keywords>0x8010000000000000</Keywords>
   <TimeCreated SystemTime="2012-06-28T15:01:16.975080700Z" />
   <EventRecordID>1535565</EventRecordID>
   <Correlation />
   <Execution ProcessID="540" ThreadID="556" />
   <Channel>Security</Channel>
   <Computer>FQDN COMPUTER/Computer>
   <Security />
 </System>
 <EventData>
   <Data Name="SubjectUserSid">S-1-5-21-205301047-3902605089-2438454170-21511219</Data>
   <Data Name="SubjectUserName">ACCOUNT</Data>
   <Data Name="SubjectDomainName">DOMAIN</Data>
   <Data Name="SubjectLogonId">0xbbe3f</Data>
   <Data Name="ObjectServer">Security</Data>
   <Data Name="ObjectType">File</Data>
   <Data Name="ObjectName">C:\Windows\System32\ServerManager.msc</Data>
   <Data Name="HandleId">0x0</Data>
   <Data Name="TransactionId">{00000000-0000-0000-0000-000000000000}</Data>
   <Data Name="AccessList">%%1538
               %%1541
               %%4417
               %%4418
               %%4420
               %%4423
               %%4424
               </Data>
   <Data Name="AccessReason">%%1538:   %%1801  D:(A;;0x1200a9;;;BA)
               %%1541: %%1801  D:(A;;0x1200a9;;;BA)
               %%4417: %%1805
               %%4418: %%1805
               %%4420: %%1805
               %%4423: %%1811  D:(A;;0x1301bf;;;BA)
               %%4424: %%1805
               </Data>
   <Data Name="AccessMask">0x120196</Data>
   <Data Name="PrivilegeList">-</Data>
   <Data Name="RestrictedSidCount">0</Data>
   <Data Name="ProcessId">0x60c</Data>
   <Data Name="ProcessName">C:\Windows\System32\mmc.exe</Data>
 </EventData>
</Event>

有任何想法嗎?

這是解決方案:

http://blog.danielcosta.pt/?p=371

遠端桌面服務正在使用“LocalSystem”帳戶執行。如果將此系統資料庫項與其他工作伺服器進行比較,您會發現您需要讓該伺服器執行“NT AuthorityNetworkService”。

看起來它正在嘗試在您首次登錄時打開伺服器管理器,但使用者沒有這樣做的權限。

使用者是否在伺服器上以本地管理員身份登錄?

在伺服器管理器中,點擊第一個螢幕上的“登錄時不顯示此控制台”。

引用自:https://serverfault.com/questions/403101