• State Verified Answer
  • Locked Locked
  • Replies 9 replies
  • Subscribers 96 subscribers
  • Views 4160 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Login to terminal server permitted <-> TSAllowLogonTerminalServer and Login hours <-> LogonHours (String) set to Deny by defaultone

jpatel

Hi All,

We have run in to an issue when a we create a user account, OneIM is setting the two attributes to deny by default... how can i either disable this or make it enable by default?  

Thank you for your help.

  • 0 in reply to George Cerbone

    That would help huh?  its OneIM 8.0

  • 0 in reply to jpatel

    OOTB, the template for Login hours is set to all 1s, or allow login at any time.  Take a look at the template for ADSAccount.LogonHours to see if that has been customized.

    The template for TSAllowLoginTerminalServer comes from the value on the person object (Assuming the account definition is fully managed, which on a create it should be.)  So check the property Person.IsTerminalServerAllowed on the associated person.  This will be false unless you are setting it somewhere.

  • 0 in reply to George Cerbone

    ADSAccount.LogonHours was commented out i'll activate the code and test..... The Person.IsTerminalServerAllowed doesn't have any Triggers in for template under value calculation.  And Yes the Acct.Def is fully managed.

  • 0 in reply to jpatel

    OK, sounds like those templates were both customized then.  You can revert to the default template if you want that behavior.

  • 0 in reply to George Cerbone

    but how do i revert back Person.IsTerminalServerAllowed to original?  There is nothing in the template.... i'd post the image but it doesn't allow me to post the pic in here.  Usually there is an icon i click and it puts the original code back in.  Thanks in Advance!

  • 0 in reply to jpatel

    Person.IsTerminalServerAllowed is empty OOTB, so that is the original.  ADSAccount.TSAllowLoginTerminalServer should have a template in it that copies from Person.IsTerminalServerAllowed.  So you can either write a template for Person.IsTerminalServerAllowed, or set it as part of your Person import process.

  • +1 in reply to George Cerbone

    A word of caution ...... "Person.IsTerminalServerAllowed is empty OOTB" ..... true ..... which means that the value is NULL in the database.  The default template on ADSAccount.TSAllowLoginTerminalServer takes its value from Person.IsTerminalServerAllowed.  As such it will always return FALSE.  I know this because in my early days I switched off RDP access for all users due to this 'feature'!  If you want it to be TRUE in all cases simply modify the template to set Value=True.

  • 0 in reply to Barry Jackson

    Thank you All for your help on this issue... i was able to set the templates correctly and its working great!