Solved

Local policy of the system does not permit you to logon interactively

Posted on 2004-10-12
Last Modified: 2008-02-01
I have a common problem with Windows XP but I have tried all the usual solutions that usually fix it, so here I am.

When I try to use remote desktop connection to connect to another computer at work (2 XP workstations, 2000 Server), I get the message that the local policy of this system does not permit you to logon interactively.

I have had this problem before and it is usually on the host computer in My Computer Properties where I check to allow users to logon to this computer.  I also have checked the AD on the server and everybody has terminal services permissions.  Since it is not those two things, I am looking for another solution.  I have concluded that it exists on the XP host computer but have tried the only solution I know.

Thanks

Zach
Question by:zungerman
9 Comments
 
LVL 3

Expert Comment

by:Fermion
ID: 12292124
"the local policy of this system does not permit you to logon interactively" Key statement.

Just throwing out thoughts: the obvious... I assume BOTH computers in question have XP Pro, not Home?

Is the computer you are using to access the other being logged in as admin? Perhaps there are policy restrictions if you merely log in as "user" thus not allowing such access.
 

Author Comment

by:zungerman
ID: 12292161
Both computers are XP Pro.  The host is the only one that needs to be because you can download a remote desktop client on any Windows system.  But they are both pro.

I will check on the admin thing.  The scenario here is that I have to send a laptop in for maintenance.  He currently logs in from home with remote desktop.  I am setting him up on a spare laptop and have set up the One to One NAT to the spare laptop fixed IP address but I keep getting the local policy message.

Thanks
 
LVL 2

Expert Comment

by:Wolfpup99
ID: 12292246
I don't know how many times I've gotten this annoying message, mostly on Windows servers.  In your particular case, with XP, I think all you need to do is add whatever user ID you're trying to log in with to the Remote Desktop Users class.

See this article:
http://support.microsoft.com/?kbid=289289
 
LVL 2

Expert Comment

by:Wolfpup99
ID: 12292452
By the way, Fermion is correct, logging in as admin should always work ... adding users to the Remote Desktop Users group is only necessary for non-admin ID's.

Author Comment

by:zungerman
ID: 12292484
I have already added the user to the Remote Desktop Users group on the host computer.  That is why I am so frustrated.  I am thinking about wiping out the XP and reinstalling it.
 
LVL 2

Expert Comment

by:Wolfpup99
ID: 12292783
Two questions:

- from your reference to "AD on the server", I assume that the target computer is a member of a domain?

- can you get in using an administrator account ?

I don't think XP is broken, I'm thinking that permissions defined for the user ID in Active Directory aren't quite right.  I had exactly this problem in a Win Server 2003 AD domain but both my notes and my memory have disappeared ...lol... for starters, it would be very helpful to know if administrator can get in ......
 
LVL 3

Expert Comment

by:Fermion
ID: 12293299
Zung, I believe that in your gallant effort you may have actually complicated matters.
As per Wolf's comment, it is IMPORTANT to determine whether or not the network from THAT computer has full network access by way of an Admin logon. FORGET "user" logon at this point!!
If an Admin can get in, your user account parameters are screwed up, that's all. No need to reinstall XP!!!!!
 
LVL 2

Expert Comment

by:Wolfpup99
ID: 12293517
OK, I had a look at my 2003 Server config and my memory has somewhat returned :)  Don't think it's really going to help in your situation but here's the story.

The frustration that I was having was in getting remote desktop access to the server itself, which as a domain controller requires the user or some group he's a member of to explicitly be added to the "Allow log on locally" and "Allow logon through Terminal Services" user rights assignment in the domain controller security policy (as well as being a member of "Remote Desktop Users" in Active Directory).  That's what was driving me nuts.

But in your case as I understand it you're trying to log on to an XP Pro workstation, not the server.  It should be sufficient just to add the user to "Remote Desktop Users".  Now, in my case I only access the server, so I have all the above set plus I have the user added to "Remote Desktop Users" in Active Directory.  What I don't know for sure is whether you need to add the user to Remote Desktop Users *both* in AD as well as locally, if indeed your workstation is in a domain.

The question of whether admin access works is still a relevant one.
 
LVL 1

Accepted Solution

by:
JeffN825 earned 125 total points
ID: 12294540
Have you checked the local security policy of the XP boxes in question (available under Administrative Tools)?

Check under Local Policies >> User Rights Assignment that:

1.  Allow logon through Terminal Services has the Administrators group and the Remote Desktop Users group.  This is important.  Adding the user under the Remote tab of the system properties control panel does NOT change the local security policy.  It only adds them to the local group Remote Desktop Users.

2.  Under Deny logon through Terminal Services make sure no relevant groups are listed.

I may have just said something similar to what Wolfpup99 just said.  I myself had this exact same problem on a Windows Server 2003 domain I administer, trying to gain remote access to domain workstations as non-admin users.
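
The two User Rights Assignment checks from the accepted answer, as an added PowerShell example that is not part of the original thread. It parses the `[Privilege Rights]` section of a `secedit /export` file; the sample export is constructed and the function names are illustrative.

```powershell
# Added example. On a live host, create the input from an elevated prompt with:
#   secedit /export /cfg rights.inf /areas USER_RIGHTS
# then pass (Get-Content rights.inf) instead of the constructed sample below.
$sampleExport = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545
SeRemoteInteractiveLogonRight = *S-1-5-32-544
SeDenyRemoteInteractiveLogonRight = *S-1-5-32-546
[Version]
signature="$CHICAGO$"
'@ -split "`r?`n"

# Parse the [Privilege Rights] section into right-name -> list of SIDs/accounts.
function Get-PrivilegeRights {
    param([string[]]$Lines)
    $rights = @{}
    $inSection = $false
    foreach ($line in $Lines) {
        if ($line -match '^\s*\[(.+)\]\s*$') {
            $inSection = ($Matches[1] -eq 'Privilege Rights')
        } elseif ($inSection -and $line -match '^\s*(\w+)\s*=\s*(.*)$') {
            $name = $Matches[1]
            $rights[$name] = @($Matches[2] -split ',' |
                ForEach-Object { $_.Trim().TrimStart('*') } | Where-Object { $_ })
        }
    }
    return $rights
}

# Apply the two checks from the answer above.
function Test-RdpLogonRights {
    param([hashtable]$Rights)
    # Well-known SIDs of the two built-in groups the answer names.
    $required = [ordered]@{ 'S-1-5-32-544' = 'Administrators'; 'S-1-5-32-555' = 'Remote Desktop Users' }
    # SeRemoteInteractiveLogonRight = "Allow logon through Terminal Services"
    $allow = @($Rights['SeRemoteInteractiveLogonRight'] | Where-Object { $_ })
    # SeDenyRemoteInteractiveLogonRight = "Deny logon through Terminal Services"
    $deny  = @($Rights['SeDenyRemoteInteractiveLogonRight'] | Where-Object { $_ })
    foreach ($sid in $required.Keys) {
        [pscustomobject]@{ Check = "Allow list has $($required[$sid])"; Ok = ($allow -contains $sid); Detail = $sid }
    }
    # Deny overrides allow, so every entry here needs a manual look.
    [pscustomobject]@{ Check = 'Deny list is empty'; Ok = ($deny.Count -eq 0); Detail = ($deny -join ', ') }
}

Test-RdpLogonRights (Get-PrivilegeRights $sampleExport) | Format-Table -AutoSize
```

With the constructed sample, the Remote Desktop Users row fails: the group exists and has members, but it was never granted the logon right, which matches the symptom in this thread.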
