Terminal-Server
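Terminal Server 2008 logon: access denied on RDP attempt
When I try to RDP to a Server 2008 terminal server, I get a message that says "Access Denied" and an OK button. I have the licensing mode set correctly (per user) and have also set it to allow all remote connections. I get the following in the security event log: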
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 28/06/2012 12:01:16
Event ID: 4656
Task Category: File System
Level: Information
Keywords: Audit Failure
User: N/A
Computer: FQDN COMPUTER
Description:
A handle to an object was requested.

Subject:
    Security ID: DOMAIN\ACCOUNT
    Account Name: ACCOUNT
    Account Domain: DOMAIN
    Logon ID: 0xbbe3f

Object:
    Object Server: Security
    Object Type: File
    Object Name: C:\Windows\System32\ServerManager.msc
    Handle ID: 0x0

Process Information:
    Process ID: 0x60c
    Process Name: C:\Windows\System32\mmc.exe

Access Request Information:
    Transaction ID: {00000000-0000-0000-0000-000000000000}
    Accesses:
        READ_CONTROL
        SYNCHRONIZE
        WriteData (or AddFile)
        AppendData (or AddSubdirectory or CreatePipeInstance)
        WriteEA
        ReadAttributes
        WriteAttributes
    Access Reasons:
        READ_CONTROL: Granted by D:(A;;0x1200a9;;;BA)
        SYNCHRONIZE: Granted by D:(A;;0x1200a9;;;BA)
        WriteData (or AddFile): Not granted
        AppendData (or AddSubdirectory or CreatePipeInstance): Not granted
        WriteEA: Not granted
        ReadAttributes: Granted by ACE on parent folder D:(A;;0x1301bf;;;BA)
        WriteAttributes: Not granted
    Access Mask: 0x120196
    Privileges Used for Access Check: -
    Restricted SID Count: 0

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
    <EventID>4656</EventID>
    <Version>1</Version>
    <Level>0</Level>
    <Task>12800</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2012-06-28T15:01:16.975080700Z" />
    <EventRecordID>1535565</EventRecordID>
    <Correlation />
    <Execution ProcessID="540" ThreadID="556" />
    <Channel>Security</Channel>
    <Computer>FQDN COMPUTER</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="SubjectUserSid">S-1-5-21-205301047-3902605089-2438454170-21511219</Data>
    <Data Name="SubjectUserName">ACCOUNT</Data>
    <Data Name="SubjectDomainName">DOMAIN</Data>
    <Data Name="SubjectLogonId">0xbbe3f</Data>
    <Data Name="ObjectServer">Security</Data>
    <Data Name="ObjectType">File</Data>
    <Data Name="ObjectName">C:\Windows\System32\ServerManager.msc</Data>
    <Data Name="HandleId">0x0</Data>
    <Data Name="TransactionId">{00000000-0000-0000-0000-000000000000}</Data>
    <Data Name="AccessList">%%1538 %%1541 %%4417 %%4418 %%4420 %%4423 %%4424 </Data>
    <Data Name="AccessReason">%%1538: %%1801 D:(A;;0x1200a9;;;BA) %%1541: %%1801 D:(A;;0x1200a9;;;BA) %%4417: %%1805 %%4418: %%1805 %%4420: %%1805 %%4423: %%1811 D:(A;;0x1301bf;;;BA) %%4424: %%1805 </Data>
    <Data Name="AccessMask">0x120196</Data>
    <Data Name="PrivilegeList">-</Data>
    <Data Name="RestrictedSidCount">0</Data>
    <Data Name="ProcessId">0x60c</Data>
    <Data Name="ProcessName">C:\Windows\System32\mmc.exe</Data>
  </EventData>
</Event>
Any ideas?
Here is the solution:
http://blog.danielcosta.pt/?p=371
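The Remote Desktop Services service is running under the "LocalSystem" account. If you compare this registry key with other working servers, you will see that you need to have that server run it as "NT Authority\NetworkService".
It looks like it is trying to open Server Manager when you first log on, but the user does not have permission to do so.
Is the user logging on as a local administrator on the server?
In Server Manager, click "Do not show me this console at logon" on the first screen.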
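To read the 4656 event from the question without walking the `%%` codes by hand, the following added example (not part of the original thread) parses the event XML and reports which requested rights were refused. The `%%` code tables are paired from the rendered text and the XML of that same event; the function name and the trimmed sample are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# %% message codes, paired from the rendered text and the XML of the event above
ACCESS = {"1538": "READ_CONTROL", "1541": "SYNCHRONIZE", "4417": "WriteData",
          "4418": "AppendData", "4420": "WriteEA", "4423": "ReadAttributes",
          "4424": "WriteAttributes"}
REASON = {"1801": "Granted by", "1805": "Not granted",
          "1811": "Granted by ACE on parent folder"}
# File access-mask bits (winnt.h) for the same rights
BITS = {"WriteData": 0x2, "AppendData": 0x4, "WriteEA": 0x10,
        "ReadAttributes": 0x80, "WriteAttributes": 0x100,
        "READ_CONTROL": 0x20000, "SYNCHRONIZE": 0x100000}

# Constructed sample: EventData fields of the 4656 event quoted in the question
SAMPLE = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<EventData>
<Data Name="SubjectUserName">ACCOUNT</Data>
<Data Name="ObjectName">C:\Windows\System32\ServerManager.msc</Data>
<Data Name="AccessReason">%%1538: %%1801 D:(A;;0x1200a9;;;BA) %%1541: %%1801 D:(A;;0x1200a9;;;BA) %%4417: %%1805 %%4418: %%1805 %%4420: %%1805 %%4423: %%1811 D:(A;;0x1301bf;;;BA) %%4424: %%1805 </Data>
<Data Name="AccessMask">0x120196</Data>
<Data Name="ProcessName">C:\Windows\System32\mmc.exe</Data>
</EventData></Event>"""

def triage_4656(event_xml):
    """Summarise which requested rights an audit-failure 4656 event refused."""
    root = ET.fromstring(event_xml)
    data = {d.get("Name"): (d.text or "").strip()
            for d in root.iterfind(".//e:Data", NS)}
    verdicts = {}
    pairs = re.findall(r"%%(\d+):\s+%%(\d+)(?:\s+(D:\(\S+\)))?", data["AccessReason"])
    for access, reason, ace in pairs:
        name = ACCESS.get(access, "%%" + access)   # keep unknown codes visible
        verdicts[name] = (REASON.get(reason, "%%" + reason), ace or None)
    mask = int(data["AccessMask"], 16)
    from_mask = {n for n, bit in BITS.items() if mask & bit}
    return {
        "process": data["ProcessName"],
        "object": data["ObjectName"],
        "denied": sorted(n for n, (r, _) in verdicts.items() if r == "Not granted"),
        "verdicts": verdicts,
        # True when AccessReason names exactly the rights set in AccessMask
        "mask_consistent": from_mask == set(verdicts),
    }

if __name__ == "__main__":
    report = triage_4656(SAMPLE)
    print(report["process"], "->", report["object"], "denied:", report["denied"])
```

For this event the refused rights are all write-type rights that mmc.exe requested on ServerManager.msc, while the read-type rights were granted to BA (Builtin Administrators).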