• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1128
  • Last Modified:

Local policy of the system does not permit you to logon interactively

I have a common problem with Windows XP but I have tried all the usual solutions that usually fix it, so here I am.

When I try to use remote desktop connection to connect to another computer at work (2 XP workstations, 2000 Server), I get the message that the local policy of this system does not permit you to logon interactively.

I have had this problem before and it is usually on the host computer in My Computer Properties where I check to allow users to logon to this computer.  I also have checked the AD on the server and everybody has terminal services permissions.  Since it is not those two things, I am looking for another solution.  I have concluded that it exists on the XP host computer but have tried the only solution I know.

Thanks

Zach
0
zungerman
Asked:
zungerman
  • 4
  • 2
  • 2
  • +1
1 Solution
 
FermionCommented:
"the local policy of this system does not permit you to logon interactively" Key statement.

Just throwing out thoughts: the obvious... I assume the BOTH computers in question has XP Pro, not Home?

Is the computer you are using to access the other being logged in as admin? Perhaps there are policy restrictions if you merely log in as "user" thus not allowing such access.
0
 
zungermanAuthor Commented:
Both computers are XP Pro.  The host is the only one that needs to be because you can download a remote desktop client on any Windows system.  But they are both pro.

I will check on the admin thing.  The scenario here is that I have to send a laptop in for maintenance.  He currently logs in from home with remote desktop.  I am setting him up on a spare laptop and have set up the One to One Nat to the spare laptop fixed IP address but I keep gettign the local policy message.

Thanks
0
 
Wolfpup99Commented:
I don't know how many times I've gotten this annoying message. mostly on Windows servers.  In your particular case, with XP,  I think all you need to do is add whatever user ID your're trying to log in with to the Remote Desktop Users class.

See this article:
http://support.microsoft.com/?kbid=289289
0
The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

 
Wolfpup99Commented:
By the way, Fermion is correct, logging in as admin should always work ... adding users to the Remote Desktop Users group is only necessary for non-admin ID's.
0
 
zungermanAuthor Commented:
I have already addid the user to the Remote Desktop users group on the host computer.  That is why I am so frustrated.  I am thinking about wiping out the XP and reinstalling it.
0
 
Wolfpup99Commented:
Two questions:

- from your reference to "AD on the server", I assume that the target computer is a member of a domain?

- can you get in using an administrator account ?

I don't think XP is broken, I'm thinking that permissions defined for the user ID in Active Directory aren't quite right.  I had exactly this problem in a Win Server 2003 AD domain but both my notes and my memory have disappeared ...lol... for starters, it would be very helpful to know if administrator can get in ......
0
 
FermionCommented:
Zung, I believe that in you gallant effort you may have actually complicated matters.
As per Wolfs comment, it is IMPORTANT to determine whether or not the network from THAT computer has full network access by way of an Admin logon. FORGET "user" logon at this point!!
If an Admin can get in, your user account parameters are screwed up, that's all. No need to reinstall XP!!!!!
0
 
Wolfpup99Commented:
OK, I had a look at my 2003 Server config and my memory has somewhat returned :)  Don't think it's really going to help in your situation but here's the story.

The frustration that I was having was in getting remote desktop access to the server itself, which as a domain controller requires the user or some group he's a member of to explicitly be added to the "Allow log on locally" and "Allow logon through Terminal Services" user rights assignment in the domain controller security policy (as well as being a member of "Remote Desktop Users" in Active Directory).  That's what was driving me nuts.

But in your case as I understand it you're trying to log on to an XP Pro workstation, not the server.  It should be sufficient just to add the user to "Remote Desktop Users".  Now, in my case I only access the server, so I have all the above set plus I have the user added to "Remote Desktop Users" in Active Directory.  What I don't know for sure is whether you need to add the user to Remote Desktop Users *both* in AD as well as locally, if indeed your workstation is in a domain.

The question of whether admin access works is still a relevant one.
0
 
JeffN825Commented:
Have you checked the local security policy of the XP boxes in question (available under administrative tools).

Check under Local Policies >> User Rights Assignment that:

1.  Under Allow logon through Terminal Services has Administrators group and Remote Desktop Users group.  This is important.  Adding the user under the Remote tab of the system properties control panel does NOT change the local security policy.  It only adds them to the local group Remote Desktop Users.

2.  Under Denly logon through Terminal Services make sure no relevant groups are listed.

I may have just said something similar to what Wolfpup99 just said.  I myself had this exact same problem on a Windows Server 2003 domain I administer, trying to gain remote access to domain workstations as non-admin users.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

  • 4
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now