Cubbybulin
asked on
The local policy of this system does not permit you to logon interactively
I have a Windows Server 2003 Domain Controller that served as a Terminal Server. Now, I put in another server, (not a domain controller) and I installed Terminal Services Lincensing on it, but when I try to logon using Remote Desktop, it sats, "the local policy of this system does not permit you to logon interactively." I can still logon to the DC using Remote Desktop, but not to this member server. What am I missing? Thanks!
ASKER
When I go under Remote, it does not have the "Select Remote Users" Tab. The Domain Controller does have it. ANd yes, my account is member of the Remote Desktop Users.
What happens if you test it with a member of local administrator group. Also have you tried a reboot yet ? Also, what happens when you are sitting locally on that server and try to remote desktop into it ?
check your local security policy under computer config - windows settings - security settings - local policy - user rights assignment and make sure that allow log in interactively policy has your remote desktop users groups added
ASKER
under local policy there is one policy that is called "Allow log on through terminal services" and it allows the remote desktop users
ASKER
there is no interactive logon uinder user rights assessment, only under security options, but nothing says "allow log in interactively" or similar
ASKER
Tried to log on with the administrator account (local admin) that did not work either
Hi Cubbybulin,
Try doing this on the DC:
1. Click Start, point to Programs, point to Administrative Tools, and then click Domain Controller Security Policy.
2. Double-click the Security Settings folder, double-click Local Policies, and then click User Rights Assignment.
3. Under the Policy column, click Log on Locally, and then click Add.
4. Click Browse, click the appropriate group, and then click Add. (add your account and domain admins here)
5. Click OK, click OK, and then click OK.
6. At a command prompt, type secedit /refreshpolicy machine_policy /enforce, press ENTER, and then press ENTER.
Now try logging on again using Terminal services, see what happens
Thanks
Try doing this on the DC:
1. Click Start, point to Programs, point to Administrative Tools, and then click Domain Controller Security Policy.
2. Double-click the Security Settings folder, double-click Local Policies, and then click User Rights Assignment.
3. Under the Policy column, click Log on Locally, and then click Add.
4. Click Browse, click the appropriate group, and then click Add. (add your account and domain admins here)
5. Click OK, click OK, and then click OK.
6. At a command prompt, type secedit /refreshpolicy machine_policy /enforce, press ENTER, and then press ENTER.
Now try logging on again using Terminal services, see what happens
Thanks
Also, if you havent tried rebooting, try rebooting.
Other articles of interest to you:
http://support.microsoft.com/?kbid=276590 (make sure the administrator is not a member of any other group, that is being denied access through the policy)
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q186/5/29.ASP&NoWebContent=1
http://support.microsoft.com/?kbid=267553
User maybe authenticated by wrong domain:
http://support.microsoft.com/?kbid=227904
Thanks and Good Luck!
http://support.microsoft.com/?kbid=276590 (make sure the administrator is not a member of any other group, that is being denied access through the policy)
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q186/5/29.ASP&NoWebContent=1
http://support.microsoft.com/?kbid=267553
User maybe authenticated by wrong domain:
http://support.microsoft.com/?kbid=227904
Thanks and Good Luck!
ASKER
I added Remote Desktop Users to "allow log on locally" but it did not work, i still cant log in. I rebooted. Nothing. There is only one domain. This Server is NOT a domain controller it is only a Member Server.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Oh yeah...dummy me...under RDP-TCP permissions, only the local administrators had permissions, (e.g. ibmserver/administrators and ibmserver/remote desktop users) not the domain administrators or remote desktop users. I added the domain users and remote desktop users and it works now! Thanks!
glad to help...
You might want to check these articles out:
Remote desktop connection "The local policy of this system does not permit you to logon interactively":
http://support.microsoft.com/?kbid=289289
Are you a local/domain administrator on the server you are trying to remote desktop to ? If not is your account the member of the remote users group ?
Thanks and Good Luck!