Support Home Sales Website Technology Contact Us
RDP Support  


RDPWin KB Booking Engine - IRM.Net RDPWin4 & PCI Compliance Search

All users of Windows 2000 or XP must be a member of local Administrator Group

Added 12/18/02 - Article ID#: K000119

Microsoft added significant local security to Windows 2000 and Windows XP. A user with minimal rights does not have access to write files to the "C" drive, or to re-direct printing to shared network printers, both of which are required for RDP software to function properly.

To solve this problem each user of a Windows 2000 or XP workstation must be a member of the administrator group on the workstation, which gives the user complete access and all rights for the local workstation.   Please note that network security is not compromised, since the user must only be a member of the local administrator group on Windows 2000/XP workstations.  All RDP users should not be a member of the domain administrator group.  To add a user to the local administrator group:

  1. From the Windows 2000 or XP workstation, log on as Administrator, or a user who is already a member of the Administrator group for that workstation.
  2. Select Start-Settings-Control Panel-Administrative Tools-Computer Management
  3. Select "Local users and Groups" from the left hand pane and then select the "Groups" option.
  4. Double Click the "Administrators" Icon from the right hand pane and select "Add"
  5. From the drop down box, select the Domain name of your Windows 2000 Domain.
  6. Add the RDP group from the Windows 2000 Domain to the local Administrator group.  See Note below.
  7. Repeat the process above for every Windows 2000 and Windows XP workstation.

NOTE:  Most RDP customers with Windows 2000 servers use Active Directory and have created an RDP Group at the Windows 2000 Domain level.  All RDP users should be added to the RDP group at the Domain level.  By then adding the domain RDP group to the local Administrators group on each Windows 2000 and Windows XP workstation, every RDP user in the RDP Group has administrative rights to the local machine.  This allows printing to function correctly, as well as writing files to the local "C" drive.

Novell Users:  For Novell customers, there is no "domain" available to add the RDP group.  Therefore, you must add every user name to the local administrator group for each Windows 2000 or XP workstation. This can be a very cumbersome process.  Please keep in mind that RDP suggests all customers using Novell migrate to Windows 2000.

Troubleshooting - Windows XP Slow Printing

With Windows XP, Microsoft made a change that delays all DOS print jobs by 15 seconds. To accelerate printing, every computer using any version of Windows XP will need the changes described in the link below. This includes the Windows 2003 data server.  If using Citrix or terminal services, the changes must also be implemented on the Windows 2003 server running Citrix/Terminal Services, as well as each workstation that uses the Windows XP operating system.

Links to documents related to printing with RDP

Windows XP Users Must Be a Member of Local Administrator Group

Microsoft added significant local security to Windows XP.  A user with minimal rights does not have access to write files to the "C" drive or to re-direct printing to shared network printers, both of which are required for RDP software to function properly. 

To solve this problem, each user of a Windows 2000 or XP workstation must be a member of the administrator group on the workstation, which gives the user complete access and all rights for the local workstation.  

Note: network security is not compromised, since the user must only be a member of the local administrator group on Windows XP workstations.  All RDP users should not be a member of the domain administrator group.  To add a user to the local administrator group, see the link below:

Support Home  RDPWin4 & PCI Compliance Enhancement Requests Open A Web Support Ticket
Training New Sales Website Old Sales Website Contact Us

 Facebook     Twitter      LinkedIn   TODF