DMS-X
asked on
2003 DC "The local policy of this system does not permit you to logon interactivly."
Running a 2003 domain controller. When I try to remote desktop into it I get this error
"The local policy of this system does not permit you to logon interactivly."
Before this error never existed. I had opened up a question here
https://www.experts-exchange.com/questions/21207989/where-is-the-policy-in-active-directory-to-force-all-xp-machines-to-turn-remote-desktop-on.html
and tried this suggestion
located here
https://www.experts-exchange.com/questions/20975164/enable-remote-desktop-using-group-policy.html
I made the change
computerconfiguration>Wind
and now I cannot RD into this DC anymore, even after changing the setting back and rebooting.
Does anyone know why this happened and what I can do to fix the problem?
"The local policy of this system does not permit you to logon interactivly."
Before this error never existed. I had opened up a question here
https://www.experts-exchange.com/questions/21207989/where-is-the-policy-in-active-directory-to-force-all-xp-machines-to-turn-remote-desktop-on.html
and tried this suggestion
located here
https://www.experts-exchange.com/questions/20975164/enable-remote-desktop-using-group-policy.html
I made the change
computerconfiguration>Wind
and now I cannot RD into this DC anymore, even after changing the setting back and rebooting.
Does anyone know why this happened and what I can do to fix the problem?
ASKER
Thanks for the reply nihlcat.
Ok I checked both the "logon Locally" and "deny Logon Locally"
"deny Logon Locally" is not defined and "logon Locally" does not exist.
I have noticed however that in AD I am missing the Builtin account called "remote desktop users"
This 2003 domain controller has been introduced into a 2000 DC enviorment. I still have the 2000 server running AD and in controll of the 5 FSMO roles.
So this might be normal considering the conditions in which the DC was built. Maybe someone might be able to take a look at a 2003 domain controller that has had its AD structure migrated from a 2000 DC.
Thanks,
DMS
Ok I checked both the "logon Locally" and "deny Logon Locally"
"deny Logon Locally" is not defined and "logon Locally" does not exist.
I have noticed however that in AD I am missing the Builtin account called "remote desktop users"
This 2003 domain controller has been introduced into a 2000 DC enviorment. I still have the 2000 server running AD and in controll of the 5 FSMO roles.
So this might be normal considering the conditions in which the DC was built. Maybe someone might be able to take a look at a 2003 domain controller that has had its AD structure migrated from a 2000 DC.
Thanks,
DMS
ASKER
oops "Allow logon locally" is probably what you meant and not "Logon Locally", my bad.
Yes it exists and it is set to not defined.
Yes it exists and it is set to not defined.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I will give it a shot on Moday : )
ASKER
http://webpages.charter.net/illtbagu/a.gif
http://webpages.charter.net/illtbagu/1.gif
http://webpages.charter.net/illtbagu/2.gif
http://webpages.charter.net/illtbagu/3.gif
Notice how I am not able to add users. These boxes are grayed out.
http://webpages.charter.net/illtbagu/1.gif
http://webpages.charter.net/illtbagu/2.gif
http://webpages.charter.net/illtbagu/3.gif
Notice how I am not able to add users. These boxes are grayed out.
ASKER
Does anyone know what is going on?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
>There is also no domain level "remote desktop users" policy.
Good to know that.
I managed to get it working by putting the builtin Administrators account in the default domain policy--->computer config.--->windows settings--->local policies--->user rights.....--->allow logon throught terminal services.
binary_1001010 and harleyjd thanks for your help!
Good to know that.
I managed to get it working by putting the builtin Administrators account in the default domain policy--->computer config.--->windows settings--->local policies--->user rights.....--->allow logon throught terminal services.
binary_1001010 and harleyjd thanks for your help!
Windows settings>Security Settings>Local Policies>User Rights Assignment
Could just be a permissions issue.