Solved

Windows 2003 Domain Controller and Terminal Service Remote Client Login

Posted on 2004-08-14
9
171 Views
Last Modified: 2010-04-19
I have setup a 2003 Server which was running Terminal Services, I setup Domain Controller recently and now when remote users attempt to login they recieve the error "The local policy of this system does not allow you to log on interactively"  I only have this problem with remote users, any administrative user can log on with out issues.  All users are allowed to log on locally in the ADUC, and I can't pinpoint where the difference is between the two groups aside from one being admin.  Can someone please help direct me to where I can find the difference in the groups as to why the remote users can not log on.
0
Comment
Question by:goffer
  • 4
  • 2
  • 2
  • +1
9 Comments
 
LVL 8

Expert Comment

by:jodypeet
ID: 11801926
The difference is that administrators are allowed to log on to servers and users aren't by default.
You could edit the default domain policy.
In the console tree, click Security Settings.
To edit an Audit Policy, a User Right Assignment, or Security Options, click Local Policies.
Double-click the User right assignment security setting in the details pane.
Modify the security setting, "log on locally" and then click OK.


good luck
0
 
LVL 83

Expert Comment

by:oBdA
ID: 11802079
The default domain policy won't help anything in this case; this only affects member servers and workstations.
You need to edit the default *domain* *controller* security policy (among the other management tools) and give the appropriate user group the right to log on locally.
0
 
LVL 8

Expert Comment

by:jodypeet
ID: 11805403
sorry for the typo ...it is the default domain controller policy
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 2

Expert Comment

by:TASINetwork
ID: 11806371
You can also add the users to the Remote Desktop Users group.
0
 

Author Comment

by:goffer
ID: 11806712
Once again, please forgive my ignorance, but once I'm in the default domain controller policy and I click to edit it, how do I set the user group to log on locally.  There are options to change "Software Settings", "Windows settings", and "Administrative Templates" but I see no place to change any other settings.  Also they are already members of the Remote Desktop Users group.  I appreciate the advice.
0
 
LVL 2

Expert Comment

by:TASINetwork
ID: 11806761
Computer Configuration, Windows Settings, Local Policies, User Rights Assignment
0
 
LVL 8

Accepted Solution

by:
jodypeet earned 250 total points
ID: 11806766
Computer configuration
Windows settings
Security settings
Local Policies
Double-click the User right assignment security setting in the details pane.
Modify the security setting, "log on locally" and then click OK.
0
 

Author Comment

by:goffer
ID: 11813399
Thank you very much, unfortunately I'm not versed at all in any server OS and my boss that usually handles all those type things resigned two weeks ago.  I greatly appreciate the help!!
0
 
LVL 8

Expert Comment

by:jodypeet
ID: 11827306
No problem
Glad to help
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

816 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now