Link to home
Start Free TrialLog in
Avatar of ZLucas
ZLucas

asked on

Domain/active dir question.

First off, i dont really know anything at all about how this works. A co-worker of mine set up the domain for our company.

If i use remote desktop built into xp to remote in a users comp, and i log in as admin, i have NO problems at all. If i try and log in as a user on the domain, it says "the local policy of this system does not permin you to log in interactivly".

So basically if i want to do anything that requires loging in as a domain user and not a admin, i have to go to there location.

Anyone know how i can fix this?
Avatar of dis1931
dis1931

goto control panel --> Administrative Tools --> Local Security Settings --> Expand Local Policies --> Click on User Rights Assignment

Check the Deny and Allow logon to either the local machine, or through the network, or terminal services.  One of these settings is probably denying you access.  But you said you are able to login to the PC once you go there and login.  So I am assuming it is the allow logon through Terminal Services that needs to be changed...it is by default set to include administrators and remote desktop users.  A remote desktop user by default only includes the administrators so this is most likely the problem.  Just add Users group or whatever group you would like to that policy and they should have access to the PC from remote desktop.
ASKER CERTIFIED SOLUTION
Avatar of Gary Dewrell
Gary Dewrell
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
As dis1931 suggested you can add them to a group or, go to that particular system, system properties,remote,select remote users, and add the logins for which you want to give remote access on that system.
Avatar of ZLucas

ASKER

so can i do this thru the active dir?

all of the accounts that iam having this problem on are set as "domain users". Is there someway i can they all have access.
You can make a domain security policy and apply it through the domain so that it overrides local security settings.  Or create an OU and apply a security policy on that.

Dis
If my memory doesn't fail now, this is a default configuration for domain controllers. Domain Users cannot interactively log-in to a DOMAIN CONTROLLER machine. It's not about windows 2000 server or professional but the machine being a domain controller. To disable this configuration, follow dis1931 instructions.

I most ask however, why do you want to allow interactive login to all your domain users for a domain controller? Please, do not tell me you have only DCs in your network :) !?


Cheers.
Avatar of ZLucas

ASKER

i guess i dont, i see your point. Ill just have to allow it locally one time use sort of thing.

Thanks!