zungerman

Local policy of the system does not permit you to logon interactively

I have a common problem with Windows XP but I have tried all the usual solutions that usually fix it, so here I am.

When I try to use remote desktop connection to connect to another computer at work (2 XP workstations, 2000 Server), I get the message that the local policy of this system does not permit you to logon interactively.

I have had this problem before and it is usually on the host computer in My Computer Properties where I check to allow users to logon to this computer.  I also have checked the AD on the server and everybody has terminal services permissions.  Since it is not those two things, I am looking for another solution.  I have concluded that it exists on the XP host computer but have tried the only solution I know.

Thanks

Zach
Fermion

"the local policy of this system does not permit you to logon interactively" Key statement.

Just throwing out thoughts: the obvious... I assume that BOTH computers in question have XP Pro, not Home?

Is the computer you are using to access the other being logged in as admin? Perhaps there are policy restrictions if you merely log in as "user" thus not allowing such access.
zungerman

ASKER

Both computers are XP Pro.  The host is the only one that needs to be because you can download a remote desktop client on any Windows system.  But they are both pro.

I will check on the admin thing.  The scenario here is that I have to send a laptop in for maintenance.  He currently logs in from home with remote desktop.  I am setting him up on a spare laptop and have set up the One to One NAT to the spare laptop fixed IP address but I keep getting the local policy message.

Thanks
I don't know how many times I've gotten this annoying message, mostly on Windows servers.  In your particular case, with XP, I think all you need to do is add whatever user ID you're trying to log in with to the Remote Desktop Users class.

See this article:
http://support.microsoft.com/?kbid=289289
By the way, Fermion is correct, logging in as admin should always work ... adding users to the Remote Desktop Users group is only necessary for non-admin IDs.
I have already added the user to the Remote Desktop Users group on the host computer.  That is why I am so frustrated.  I am thinking about wiping out the XP and reinstalling it.
Two questions:

- from your reference to "AD on the server", I assume that the target computer is a member of a domain?

- can you get in using an administrator account ?

I don't think XP is broken, I'm thinking that permissions defined for the user ID in Active Directory aren't quite right.  I had exactly this problem in a Win Server 2003 AD domain but both my notes and my memory have disappeared ...lol... for starters, it would be very helpful to know if administrator can get in ......
Zung, I believe that in your gallant effort you may have actually complicated matters.
As per Wolf's comment, it is IMPORTANT to determine whether or not the network from THAT computer has full network access by way of an Admin logon. FORGET "user" logon at this point!!
If an Admin can get in, your user account parameters are screwed up, that's all. No need to reinstall XP!!!!!
OK, I had a look at my 2003 Server config and my memory has somewhat returned :)  Don't think it's really going to help in your situation but here's the story.

The frustration that I was having was in getting remote desktop access to the server itself, which as a domain controller requires the user or some group he's a member of to explicitly be added to the "Allow log on locally" and "Allow logon through Terminal Services" user rights assignment in the domain controller security policy (as well as being a member of "Remote Desktop Users" in Active Directory).  That's what was driving me nuts.

But in your case as I understand it you're trying to log on to an XP Pro workstation, not the server.  It should be sufficient just to add the user to "Remote Desktop Users".  Now, in my case I only access the server, so I have all the above set plus I have the user added to "Remote Desktop Users" in Active Directory.  What I don't know for sure is whether you need to add the user to Remote Desktop Users *both* in AD as well as locally, if indeed your workstation is in a domain.

The question of whether admin access works is still a relevant one.
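
The check described in the post above (is the user, or a group it belongs to, actually granted "Allow log on locally" and "Allow logon through Terminal Services"?) can be run against a user-rights export; this is an added example, not code from the thread. It assumes the text comes from `secedit /export /cfg rights.inf /areas USER_RIGHTS`, uses constructed SIDs and hypothetical function names, and also evaluates the matching deny rights, which the thread does not mention.

```python
# Added example: evaluate logon rights from a secedit USER_RIGHTS export.
# Real exports are usually UTF-16: open("rights.inf", encoding="utf-16").read()
import configparser

# Constructed sample (not from a real host): "Remote Desktop Users"
# (S-1-5-32-555) is NOT listed under the Terminal Services logon right.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-551
SeRemoteInteractiveLogonRight = *S-1-5-32-544
SeDenyRemoteInteractiveLogonRight = *S-1-5-21-1111-2222-3333-1105
[Version]
signature="$CHICAGO$"
Revision=1
"""

# "Allow log on locally" / "Allow logon through Terminal Services"
ALLOW = {"local": "SeInteractiveLogonRight",
         "rdp": "SeRemoteInteractiveLogonRight"}
DENY = {"local": "SeDenyInteractiveLogonRight",
        "rdp": "SeDenyRemoteInteractiveLogonRight"}

def parse_rights(inf_text):
    """Return {right name: set of SIDs or account names} from the export."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep the case of the right names
    cp.read_string(inf_text)
    if not cp.has_section("Privilege Rights"):
        return {}
    return {name: {p.strip().lstrip("*") for p in value.split(",") if p.strip()}
            for name, value in cp.items("Privilege Rights")}

def logon_check(rights, principals):
    """principals: the user's SID plus the SID of every group it is in."""
    principals = set(principals)
    result = {}
    for kind in ALLOW:
        allowed = bool(rights.get(ALLOW[kind], set()) & principals)
        denied = bool(rights.get(DENY[kind], set()) & principals)
        result[kind] = allowed and not denied  # a deny right overrides allow
    return result

if __name__ == "__main__":
    # Constructed user: member of Remote Desktop Users and Users only.
    user = ["S-1-5-21-1111-2222-3333-1105", "S-1-5-32-555", "S-1-5-32-545"]
    print(logon_check(parse_rights(SAMPLE_INF), user))
```

With the constructed sample, a member of Remote Desktop Users is still refused because that group is not listed under the Terminal Services right, while an Administrators member passes both checks.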