This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Login to terminal server permitted <-> TSAllowLogonTerminalServer and Login hours <-> LogonHours (String) set to Deny by defaultone

Hi All,

We have run in to an issue when a we create a user account, OneIM is setting the two attributes to deny by default... how can i either disable this or make it enable by default?  

Thank you for your help.

Parents Reply
  • OOTB, the template for Login hours is set to all 1s, or allow login at any time.  Take a look at the template for ADSAccount.LogonHours to see if that has been customized.

    The template for TSAllowLoginTerminalServer comes from the value on the person object (Assuming the account definition is fully managed, which on a create it should be.)  So check the property Person.IsTerminalServerAllowed on the associated person.  This will be false unless you are setting it somewhere.

Children
  • ADSAccount.LogonHours was commented out i'll activate the code and test..... The Person.IsTerminalServerAllowed doesn't have any Triggers in for template under value calculation.  And Yes the Acct.Def is fully managed.

  • OK, sounds like those templates were both customized then.  You can revert to the default template if you want that behavior.

  • but how do i revert back Person.IsTerminalServerAllowed to original?  There is nothing in the template.... i'd post the image but it doesn't allow me to post the pic in here.  Usually there is an icon i click and it puts the original code back in.  Thanks in Advance!

  • Person.IsTerminalServerAllowed is empty OOTB, so that is the original.  ADSAccount.TSAllowLoginTerminalServer should have a template in it that copies from Person.IsTerminalServerAllowed.  So you can either write a template for Person.IsTerminalServerAllowed, or set it as part of your Person import process.

  • A word of caution ...... "Person.IsTerminalServerAllowed is empty OOTB" ..... true ..... which means that the value is NULL in the database.  The default template on ADSAccount.TSAllowLoginTerminalServer takes its value from Person.IsTerminalServerAllowed.  As such it will always return FALSE.  I know this because in my early days I switched off RDP access for all users due to this 'feature'!  If you want it to be TRUE in all cases simply modify the template to set Value=True.

  • Thank you All for your help on this issue... i was able to set the templates correctly and its working great!