Terminal Services - The local policy of this system does not allow you to log in interactively.

I'm trying to get Terminal Server (application server mode) working on our Win2K server. I am able to connect as anyone in the Domain Admins group, but any standard non-admin users get denied login with the error message:

"The local policy of this system does not allow you to log in interactively."

These users get the same error message when trying to log in at the console.

I've been trying to sort this by investigating setup in the AD, Terminal Services Setup and Security Settings. I have "Log on Locally" set for the user I am testing, and "Deny Logon Locally" not set.

How can I get the server set up so non-admin users can log in over Terminal services.

euroluceAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

The-ChadCommented:
Is it a domain controller as well as the terminal server?
If so you will need to allow logon in the 'Domain Controller Security Policy' snap in.

Otherwise configure the users to logon in the Local Security Policy snap in

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
euroluceAuthor Commented:
was DC as well as TS, simple, to the point... thanks.

BTW - note for others having this issue - it took a few minutes for the change to take effect. I allowed login in the 'Domain Controller Security Policy' snap in as advised, at first it didn't seem to have worked. came back 5 minutes later and tried to log in again and all worked fine...  not sure why this is...
leon_judgeCommented:
FYI

There is a delay for the policies to refresh.  You can force a refresh by

secedit /refreshpolicy machine_policy /enforce
secedit /refreshpolicy user_policy /enforce

hth
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.