euroluce
asked on
Terminal Services - The local policy of this system does not allow you to log in interactively.
I'm trying to get Terminal Server (application server mode) working on our Win2K server. I am able to connect as anyone in the Domain Admins group, but any standard non-admin users get denied login with the error message:
"The local policy of this system does not allow you to log in interactively."
These users get the same error message when trying to log in at the console.
I've been trying to sort this by investigating setup in the AD, Terminal Services Setup and Security Settings. I have "Log on Locally" set for the user I am testing, and "Deny Logon Locally" not set.
How can I get the server set up so non-admin users can log in over Terminal services.
"The local policy of this system does not allow you to log in interactively."
These users get the same error message when trying to log in at the console.
I've been trying to sort this by investigating setup in the AD, Terminal Services Setup and Security Settings. I have "Log on Locally" set for the user I am testing, and "Deny Logon Locally" not set.
How can I get the server set up so non-admin users can log in over Terminal services.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
FYI
There is a delay for the policies to refresh. You can force a refresh by
secedit /refreshpolicy machine_policy /enforce
secedit /refreshpolicy user_policy /enforce
hth
There is a delay for the policies to refresh. You can force a refresh by
secedit /refreshpolicy machine_policy /enforce
secedit /refreshpolicy user_policy /enforce
hth
ASKER
BTW - note for others having this issue - it took a few minutes for the change to take effect. I allowed login in the 'Domain Controller Security Policy' snap in as advised, at first it didn't seem to have worked. came back 5 minutes later and tried to log in again and all worked fine... not sure why this is...