Solved

Local policy of the system does not permit you to logon interactively

Posted on 2004-10-12
9
1,067 Views
Last Modified: 2008-02-01
I have a common problem with Windows XP but I have tried all the usual solutions that usually fix it, so here I am.

When I try to use remote desktop connection to connect to another computer at work (2 XP workstations, 2000 Server), I get the message that the local policy of this system does not permit you to logon interactively.

I have had this problem before and it is usually on the host computer in My Computer Properties where I check to allow users to logon to this computer.  I also have checked the AD on the server and everybody has terminal services permissions.  Since it is not those two things, I am looking for another solution.  I have concluded that it exists on the XP host computer but have tried the only solution I know.

Thanks

Zach
0
Comment
Question by:zungerman
  • 4
  • 2
  • 2
  • +1
9 Comments
 
LVL 3

Expert Comment

by:Fermion
ID: 12292124
"the local policy of this system does not permit you to logon interactively" Key statement.

Just throwing out thoughts: the obvious... I assume the BOTH computers in question has XP Pro, not Home?

Is the computer you are using to access the other being logged in as admin? Perhaps there are policy restrictions if you merely log in as "user" thus not allowing such access.
0
 

Author Comment

by:zungerman
ID: 12292161
Both computers are XP Pro.  The host is the only one that needs to be because you can download a remote desktop client on any Windows system.  But they are both pro.

I will check on the admin thing.  The scenario here is that I have to send a laptop in for maintenance.  He currently logs in from home with remote desktop.  I am setting him up on a spare laptop and have set up the One to One Nat to the spare laptop fixed IP address but I keep gettign the local policy message.

Thanks
0
 
LVL 2

Expert Comment

by:Wolfpup99
ID: 12292246
I don't know how many times I've gotten this annoying message. mostly on Windows servers.  In your particular case, with XP,  I think all you need to do is add whatever user ID your're trying to log in with to the Remote Desktop Users class.

See this article:
http://support.microsoft.com/?kbid=289289
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 2

Expert Comment

by:Wolfpup99
ID: 12292452
By the way, Fermion is correct, logging in as admin should always work ... adding users to the Remote Desktop Users group is only necessary for non-admin ID's.
0
 

Author Comment

by:zungerman
ID: 12292484
I have already addid the user to the Remote Desktop users group on the host computer.  That is why I am so frustrated.  I am thinking about wiping out the XP and reinstalling it.
0
 
LVL 2

Expert Comment

by:Wolfpup99
ID: 12292783
Two questions:

- from your reference to "AD on the server", I assume that the target computer is a member of a domain?

- can you get in using an administrator account ?

I don't think XP is broken, I'm thinking that permissions defined for the user ID in Active Directory aren't quite right.  I had exactly this problem in a Win Server 2003 AD domain but both my notes and my memory have disappeared ...lol... for starters, it would be very helpful to know if administrator can get in ......
0
 
LVL 3

Expert Comment

by:Fermion
ID: 12293299
Zung, I believe that in you gallant effort you may have actually complicated matters.
As per Wolfs comment, it is IMPORTANT to determine whether or not the network from THAT computer has full network access by way of an Admin logon. FORGET "user" logon at this point!!
If an Admin can get in, your user account parameters are screwed up, that's all. No need to reinstall XP!!!!!
0
 
LVL 2

Expert Comment

by:Wolfpup99
ID: 12293517
OK, I had a look at my 2003 Server config and my memory has somewhat returned :)  Don't think it's really going to help in your situation but here's the story.

The frustration that I was having was in getting remote desktop access to the server itself, which as a domain controller requires the user or some group he's a member of to explicitly be added to the "Allow log on locally" and "Allow logon through Terminal Services" user rights assignment in the domain controller security policy (as well as being a member of "Remote Desktop Users" in Active Directory).  That's what was driving me nuts.

But in your case as I understand it you're trying to log on to an XP Pro workstation, not the server.  It should be sufficient just to add the user to "Remote Desktop Users".  Now, in my case I only access the server, so I have all the above set plus I have the user added to "Remote Desktop Users" in Active Directory.  What I don't know for sure is whether you need to add the user to Remote Desktop Users *both* in AD as well as locally, if indeed your workstation is in a domain.

The question of whether admin access works is still a relevant one.
0
 
LVL 1

Accepted Solution

by:
JeffN825 earned 125 total points
ID: 12294540
Have you checked the local security policy of the XP boxes in question (available under administrative tools).

Check under Local Policies >> User Rights Assignment that:

1.  Under Allow logon through Terminal Services has Administrators group and Remote Desktop Users group.  This is important.  Adding the user under the Remote tab of the system properties control panel does NOT change the local security policy.  It only adds them to the local group Remote Desktop Users.

2.  Under Denly logon through Terminal Services make sure no relevant groups are listed.

I may have just said something similar to what Wolfpup99 just said.  I myself had this exact same problem on a Windows Server 2003 domain I administer, trying to gain remote access to domain workstations as non-admin users.
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Issue: Unstable cursor in Windows XP and Windows runs extremely slow in that any click will bring up the Hour glass (sometimes for several seconds before giving you what you want) . Troubleshooting Process and the FINAL FIX: This issue see…
If you have done a reformat of your hard drive and proceeded to do a successful Windows XP installation, you may notice that a choice between two operating systems when you start up the machine. Here is how to get rid of this: Click Start Clic…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now