Solved

Local policy of the system does not permit you to logon interactively

Posted on 2004-10-12
9
1,065 Views
Last Modified: 2008-02-01
I have a common problem with Windows XP but I have tried all the usual solutions that usually fix it, so here I am.

When I try to use remote desktop connection to connect to another computer at work (2 XP workstations, 2000 Server), I get the message that the local policy of this system does not permit you to logon interactively.

I have had this problem before and it is usually on the host computer in My Computer Properties where I check to allow users to logon to this computer.  I also have checked the AD on the server and everybody has terminal services permissions.  Since it is not those two things, I am looking for another solution.  I have concluded that it exists on the XP host computer but have tried the only solution I know.

Thanks

Zach
0
Comment
Question by:zungerman
  • 4
  • 2
  • 2
  • +1
9 Comments
 
LVL 3

Expert Comment

by:Fermion
ID: 12292124
"the local policy of this system does not permit you to logon interactively" Key statement.

Just throwing out thoughts: the obvious... I assume the BOTH computers in question has XP Pro, not Home?

Is the computer you are using to access the other being logged in as admin? Perhaps there are policy restrictions if you merely log in as "user" thus not allowing such access.
0
 

Author Comment

by:zungerman
ID: 12292161
Both computers are XP Pro.  The host is the only one that needs to be because you can download a remote desktop client on any Windows system.  But they are both pro.

I will check on the admin thing.  The scenario here is that I have to send a laptop in for maintenance.  He currently logs in from home with remote desktop.  I am setting him up on a spare laptop and have set up the One to One Nat to the spare laptop fixed IP address but I keep gettign the local policy message.

Thanks
0
 
LVL 2

Expert Comment

by:Wolfpup99
ID: 12292246
I don't know how many times I've gotten this annoying message. mostly on Windows servers.  In your particular case, with XP,  I think all you need to do is add whatever user ID your're trying to log in with to the Remote Desktop Users class.

See this article:
http://support.microsoft.com/?kbid=289289
0
 
LVL 2

Expert Comment

by:Wolfpup99
ID: 12292452
By the way, Fermion is correct, logging in as admin should always work ... adding users to the Remote Desktop Users group is only necessary for non-admin ID's.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:zungerman
ID: 12292484
I have already addid the user to the Remote Desktop users group on the host computer.  That is why I am so frustrated.  I am thinking about wiping out the XP and reinstalling it.
0
 
LVL 2

Expert Comment

by:Wolfpup99
ID: 12292783
Two questions:

- from your reference to "AD on the server", I assume that the target computer is a member of a domain?

- can you get in using an administrator account ?

I don't think XP is broken, I'm thinking that permissions defined for the user ID in Active Directory aren't quite right.  I had exactly this problem in a Win Server 2003 AD domain but both my notes and my memory have disappeared ...lol... for starters, it would be very helpful to know if administrator can get in ......
0
 
LVL 3

Expert Comment

by:Fermion
ID: 12293299
Zung, I believe that in you gallant effort you may have actually complicated matters.
As per Wolfs comment, it is IMPORTANT to determine whether or not the network from THAT computer has full network access by way of an Admin logon. FORGET "user" logon at this point!!
If an Admin can get in, your user account parameters are screwed up, that's all. No need to reinstall XP!!!!!
0
 
LVL 2

Expert Comment

by:Wolfpup99
ID: 12293517
OK, I had a look at my 2003 Server config and my memory has somewhat returned :)  Don't think it's really going to help in your situation but here's the story.

The frustration that I was having was in getting remote desktop access to the server itself, which as a domain controller requires the user or some group he's a member of to explicitly be added to the "Allow log on locally" and "Allow logon through Terminal Services" user rights assignment in the domain controller security policy (as well as being a member of "Remote Desktop Users" in Active Directory).  That's what was driving me nuts.

But in your case as I understand it you're trying to log on to an XP Pro workstation, not the server.  It should be sufficient just to add the user to "Remote Desktop Users".  Now, in my case I only access the server, so I have all the above set plus I have the user added to "Remote Desktop Users" in Active Directory.  What I don't know for sure is whether you need to add the user to Remote Desktop Users *both* in AD as well as locally, if indeed your workstation is in a domain.

The question of whether admin access works is still a relevant one.
0
 
LVL 1

Accepted Solution

by:
JeffN825 earned 125 total points
ID: 12294540
Have you checked the local security policy of the XP boxes in question (available under administrative tools).

Check under Local Policies >> User Rights Assignment that:

1.  Under Allow logon through Terminal Services has Administrators group and Remote Desktop Users group.  This is important.  Adding the user under the Remote tab of the system properties control panel does NOT change the local security policy.  It only adds them to the local group Remote Desktop Users.

2.  Under Denly logon through Terminal Services make sure no relevant groups are listed.

I may have just said something similar to what Wolfpup99 just said.  I myself had this exact same problem on a Windows Server 2003 domain I administer, trying to gain remote access to domain workstations as non-admin users.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

If you build your web application in Visual Studio you'll get at least a few binaries, or .DLL, files in your bin folder. However, there is more compiling to be done. Normally this would happen when an ASP.NET resource within the web site is request…
Are you unable to synchronize your OST (Offline Storage Table) file with Microsoft Exchange Server? Is your OST file exceeding 2 GB size limit? In Microsoft Outlook 2002 and earlier versions, there is a 2 GB size limit for the OST file. If the file …
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now