We value your feedback.
Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!
Course Of The Month
10 days, 15 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Domain/active dir question.
Posted on 2004-08-11
First off, i dont really know anything at all about how this works. A co-worker of mine set up the domain for our company.
If i use remote desktop built into xp to remote in a users comp, and i log in as admin, i have NO problems at all. If i try and log in as a user on the domain, it says "the local policy of this system does not permin you to log in interactivly".
So basically if i want to do anything that requires loging in as a domain user and not a admin, i have to go to there location.
Anyone know how i can fix this?
If i use remote desktop built into xp to remote in a users comp, and i log in as admin, i have NO problems at all. If i try and log in as a user on the domain, it says "the local policy of this system does not permin you to log in interactivly".
So basically if i want to do anything that requires loging in as a domain user and not a admin, i have to go to there location.
Anyone know how i can fix this?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
2
-
2
- +2
7 Comments
goto control panel --> Administrative Tools --> Local Security Settings --> Expand Local Policies --> Click on User Rights Assignment
Check the Deny and Allow logon to either the local machine, or through the network, or terminal services. One of these settings is probably denying you access. But you said you are able to login to the PC once you go there and login. So I am assuming it is the allow logon through Terminal Services that needs to be changed...it is by default set to include administrators and remote desktop users. A remote desktop user by default only includes the administrators so this is most likely the problem. Just add Users group or whatever group you would like to that policy and they should have access to the PC from remote desktop.
Check the Deny and Allow logon to either the local machine, or through the network, or terminal services. One of these settings is probably denying you access. But you said you are able to login to the PC once you go there and login. So I am assuming it is the allow logon through Terminal Services that needs to be changed...it is by default set to include administrators and remote desktop users. A remote desktop user by default only includes the administrators so this is most likely the problem. Just add Users group or whatever group you would like to that policy and they should have access to the PC from remote desktop.
If you are using XP Pro clients, on the client PC you want to access, you need to configure who will be allowed to do remote access to that machine. Right click on my computer, click properties, choose the remote tab. Click the "Select Remote Users" button and you will be able to give access to the appropriate users. You can grant access by user or if you want all users from the domain to be able to log in choose domainname\DOMAIN USERS where domainname is the name of your domain.
God Bless
God Bless
As dis1931 suggested you can add them to a group or, go to that particular system, system properties,remote,select remote users, and add the logins for which you want to give remote access on that system.
so can i do this thru the active dir?
all of the accounts that iam having this problem on are set as "domain users". Is there someway i can they all have access.
all of the accounts that iam having this problem on are set as "domain users". Is there someway i can they all have access.
You can make a domain security policy and apply it through the domain so that it overrides local security settings. Or create an OU and apply a security policy on that.
Dis
Dis
If my memory doesn't fail now, this is a default configuration for domain controllers. Domain Users cannot interactively log-in to a DOMAIN CONTROLLER machine. It's not about windows 2000 server or professional but the machine being a domain controller. To disable this configuration, follow dis1931 instructions.
I most ask however, why do you want to allow interactive login to all your domain users for a domain controller? Please, do not tell me you have only DCs in your network :) !?
Cheers.
I most ask however, why do you want to allow interactive login to all your domain users for a domain controller? Please, do not tell me you have only DCs in your network :) !?
Cheers.
Featured Post
Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies. Only from Platform Scholar.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month10 days, 15 hours left to enroll
631 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.