?
Solved

Connect to Desktop does not work on XP upgrade PC's

Posted on 2004-03-20
9
Medium Priority
?
597 Views
Last Modified: 2011-08-18
I have several PC's that had Windows 2000 Professional
installed on them.  We decided to upgrade them to Windows
XP (upgrade, not clean install).  Now, when the users of
those PC's login through the remote workplace, and
attempt to connect to their desktop PC's, they receive an
error message "The local policy of this system does not
allow you to logon interactively."  This even happens
when I attempt to logon using the administrator
user/pass.  I have looked at the Remote Desktop
configuration on the PC, and it is identical to that of a
PC running a clean install of Windows XP.  I even
manually added the user to the list of users allowed to
remote into the machine, but still receive this same
message.  Again, this is only happening on machines that
have had a Windows XP upgrade performed on them.  Any
suggestions?  Anyone else experience this?
0
Comment
Question by:DijitalLee
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 11

Expert Comment

by:infotrader
ID: 10643002
0
 
LVL 4

Expert Comment

by:berni1234
ID: 10644500
you have to allow users to logon via terminalservices in
local sec pol>local pol>assign userrights> "allow users to logon to terminalserver"
(default: Admins. Add there your User or group)

you could also define a gpo, to push this configuration to multiple computer
0
 

Expert Comment

by:jimmy_schmiddler
ID: 10659098
DijitalLee,

Did you ever figure out the problem you were having.  The comments above are for settting security which I believe you have already done.  I am having the same exact problem.  XP Pro machines with a clean install.....no problem.....XP Pro machines upgraded from W2K Pro machines cannot connect...even with the admin name and password.  My remote user group and local security policies are identical to the machines with a clean install of XP Pro.  As you said before...the only differernece I can see is clean install vs. upgrade, which sounds ridiculous but doesn't change the fact that it is the only thing differerent about these machines.
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 

Author Comment

by:DijitalLee
ID: 10661997
I have not found a resolution to this as of yet.  I posted on the Microsoft newsgroup, and the response I received was that the users must be a member of the local administrative group on the specific PC.  This does not work either.  Besides the fact that it is not an acceptable solution, since we do not configure our users with administrative privileges on machines.

I'm still trying to figure this out.  I don't want to have to do a fresh copy of XP on each PC.

0
 

Author Comment

by:DijitalLee
ID: 10662029
berni1234,

Does this need to be done on the SBS, or on the local PC?  I have already added users to the list allowing them to have remote desktop access.  As I mentioned, even the Domain Admin login is not permitted access.  This login should definitely have this privilege, yet it still gets denied access.
0
 

Expert Comment

by:jimmy_schmiddler
ID: 10664081
I hear ya.  I have 10 machines done from a windows 2000 upgrade and one machine done with a clean install.  And like I said before the one clean install works.  This is what I tried tonight (note : this was done ALL remotely)

1.  Took out all local user, local admins, remote users, domain remote users....basically everything but the local admin.
     (now the ONLY person who could RD in was the administrator)
2.  Added my domain user login to the remote desktop users group on the local machine.
     (now my user could RD in....but no local admin rights)

Next prob doesn't apply to you, but it does to me...so i'm going to say it anyway

3.  Added my domain user login to the admin group on the local machine.
     (my user now has local admin rights, but remember he could log in remotely even before I did this step)

And as far as the local security policy "log on locally" goes...well I have the following groups - admins, backup operators, guest, power users, users (have not touched the policy since day one)

As far as what berni1234 said, I have checked that, and I have administrators and remote destop users in there

I will not be onsite until this weekend....so I can't play with the above steps or what berni1234 said on the upgraded machines until then.  But if you try to start fresh with the above steps before then....let me know what happens.
0
 
LVL 4

Accepted Solution

by:
berni1234 earned 500 total points
ID: 10665281
There is also an option "allow to logon to terminalserver" in AD Users&Computers (User>properties>Terminalserver profiles). is this one set for the RDP-Users?

@Comment from DijitalLee
Date: 03/23/2004 10:31PM CET

it does not matter where you set the policy (local security-policy or GPO from server)
if set through gpo make after creation an "gpupdate /force /target:Computer" on the target computer
the advantage of the gpo is that you could manage it centrally from one point for multiple computers
0
 

Expert Comment

by:jimmy_schmiddler
ID: 10693161
Well berni1234,

If it was up to me...you def get the points...regarding "There is also an option "allow to logon to terminalserver" in AD Users&Computers (User>properties>Terminalserver profiles). is this one set for the RDP-Users?"  That was set all fine.  But on the local machine under local sec pol.."allow to logon to terminal services" was blank...I added the admins group from the domain and the remote desktop users from the local machine....and wha la!  It worked!!  I guess when doing an upgrade..those groups are not automatically added to that policy..because I checked the machine that was a clean install and they were there.  Since I only have about 8 machines to fix..I'll probably go around to each machine and correct the local policy for now.  If doing this by the server, do you suggest do a GPO so that I can admin right from the server and not go around to each PC next time ??

Thanks again!
0
 
LVL 4

Expert Comment

by:berni1234
ID: 10695023
@jimmy

yes, simply create a gpo for admin-remote-desktop and associate it with the ou´s where the computers reside in. or associate it with the whole domain (be carefull, if you associate it with the domain, because it also affects your servers - maybe not all admins should be allowed to logon via rdp to your servers)

regards,
bernhard
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question