First off yes, we still have windows 2000 servers around. I have about 7 left, they are running old legacy applications that are no longer supported (Jet forms anyone?). Gotta love those type of applications
We started last year, but this year we are really working on limiting IT?s roles and responsibilities which means not everyone is a domain admin and not everyone gets to be admin on the servers. We?ve been defining what role needs what access. Most of the time just giving them RDP access to the server is enough. In 2003 and 2008 there is a group for RDP access, but not in 2000. If you just enable the admin mode on a 2000 server it allows you 2 remote connections, but only for members of the admin group.
But I found a MS KB that explains how to allow anyone to RDP into a 2000 server, with the limit of two concurrent connections.
Here are the steps from the KB
You can give additional groups and users logon permissions. The members of the Server Operators group, for example, would then be able to log on and manage the Terminal Services-based server without having to be a member of the Administrators group. To add additional groups or users:
- Click Start, point to Programs, point to Administrative Tools, and then click Terminal Services Configuration.
- in the tree in the left pane, click Connections.
- Click the RDP-TCP connection in the right pane, and then click Properties on the Action menu.
- Click the Permissions tab.
NOTE: Only Administrator and System accounts appear.
- Click Add. Search for the groups or users that are appropriate for your Terminal Services management (such as the Server Operators group). Click Add to place them in the bottom pane. Click OK.
NOTE: The Server Operators group appears in the RDP-TCP properties; the permissions in the bottom pane are not enough to manage the server because only Guest Access is selected by default.
- Click to select the User Access check box for basic tasks or both the User Access and Full Control check boxes to fully manage the server, and then click Apply.
- Click OK.
- Test by logging on the accounts in the Server Operators group.