diff --git a/sesman/access.c b/sesman/access.c
index 00c9c381..692575e5 100644
--- a/sesman/access.c
+++ b/sesman/access.c
@@ -42,7 +42,7 @@ access_login_allowed(char *user)
         return 0;
     }
 
-    if (0 == g_cfg->sec.ts_users_enable)
+    if ((0 == g_cfg->sec.ts_users_enable) && (0==g_cfg->sec.ts_always_group_check))
     {
         LOG_DBG("Terminal Server Users group is disabled, allowing authentication",
                 1);
@@ -57,7 +57,7 @@ access_login_allowed(char *user)
 
     if (g_cfg->sec.ts_users == gid)
     {
-        LOG_DBG("ts_users is user's primary group");
+        log_message(LOG_LEVEL_DEBUG,"ts_users is user's primary group");
         return 1;
     }
 
diff --git a/sesman/config.c b/sesman/config.c
index 9938249f..e2131c14 100644
--- a/sesman/config.c
+++ b/sesman/config.c
@@ -286,13 +286,18 @@ config_read_security(int file, struct config_security *sc,
                 sc->ts_admins = gid;
             }
         }
+        if (0 == g_strcasecmp(buf, SESMAN_CFG_SEC_ALWAYSGROUPCHECK))
+        {
+            sc->ts_always_group_check = text2bool((char *)list_get_item(param_v, i));
+        }	
     }
 
     /* printing security config */
     g_printf("security configuration:\r\n");
     g_printf("\tAllowRootLogin:       %i\r\n", sc->allow_root);
     g_printf("\tMaxLoginRetry:        %i\r\n", sc->login_retry);
-
+    g_printf("\tAlwaysGroupCheck:     %i\r\n", sc->ts_always_group_check);
+    
     if (sc->ts_users_enable)
     {
         g_printf("\tTSUsersGroup:         %i\r\n", sc->ts_users);
diff --git a/sesman/config.h b/sesman/config.h
index 72c6cac4..263975b3 100644
--- a/sesman/config.h
+++ b/sesman/config.h
@@ -56,6 +56,7 @@
 #define SESMAN_CFG_SEC_ALLOW_ROOT    "AllowRootLogin"
 #define SESMAN_CFG_SEC_USR_GROUP     "TerminalServerUsers"
 #define SESMAN_CFG_SEC_ADM_GROUP     "TerminalServerAdmins"
+#define SESMAN_CFG_SEC_ALWAYSGROUPCHECK "AlwaysGroupCheck"
 
 #define SESMAN_CFG_SESSIONS          "Sessions"
 #define SESMAN_CFG_SESS_MAX          "MaxSessions"
@@ -93,6 +94,11 @@ struct config_security
    */
   int ts_admins_enable;
   int ts_admins;
+  /**
+   * @var ts_always_group_check
+   * @brief if the Groups are not found deny access
+   */
+  int ts_always_group_check;
 };
 
 /**
diff --git a/sesman/sesman.ini b/sesman/sesman.ini
index f2a210a4..571e063b 100644
--- a/sesman/sesman.ini
+++ b/sesman/sesman.ini
@@ -10,6 +10,9 @@ AllowRootLogin=1
 MaxLoginRetry=4
 TerminalServerUsers=tsusers
 TerminalServerAdmins=tsadmins
+# When AlwaysGroupCheck = false access will be permitted 
+# if the group TerminalServerUsers is not defined.
+AlwaysGroupCheck = false
 
 [Sessions]
 X11DisplayOffset=10
diff --git a/xrdp/xrdp_wm.c b/xrdp/xrdp_wm.c
index e779d641..502eab94 100644
--- a/xrdp/xrdp_wm.c
+++ b/xrdp/xrdp_wm.c
@@ -455,7 +455,7 @@ xrdp_wm_load_static_colors_plus(struct xrdp_wm *self, char *autorun_name)
                     else if (g_strcasecmp(val, "pamerrortxt") == 0)
                     {
                         val = (char *)list_get_item(values, index);
-                        g_strncpy(self->pamerrortxt,val,256);
+                        g_strncpy(self->pamerrortxt,val,255);
                     }
                 }
             }