2003 DC "The local policy of this system does not permit you to logon interactivly."

Running a 2003 domain controller. When I try to remote desktop into it I get this error
"The local policy of this system does not permit you to logon interactivly."
Before this error never existed. I had opened up a question here
http://experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21207989.html
and tried this suggestion
located here
http://www.experts-exchange.com/Operating_Systems/Q_20975164.html
I made the change
computerconfiguration>Windows-Settings>local policies>assign of userrights>"Allow to logon via Terminalservices"
and now I cannot RD into this DC anymore, even after changing the setting back and rebooting.

Does anyone know why this happened and what I can do to fix the problem?
LVL 1
DMS-XAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

nihlcatCommented:
In you group policy check "Logon Locally" and "Deny Logon Locally" under:

Windows settings>Security Settings>Local Policies>User Rights Assignment

Could just be a permissions issue.
0
DMS-XAuthor Commented:
Thanks for the reply nihlcat.

Ok I checked both the "logon Locally" and "deny Logon Locally"
"deny Logon Locally" is not defined and "logon Locally" does not exist.

I have noticed however that in AD I am missing the Builtin account called "remote desktop users"
This 2003 domain controller has been introduced into a 2000 DC enviorment. I still have the 2000 server running AD and in controll of the 5 FSMO roles.
So this might be normal considering the conditions in which the DC was built. Maybe someone might be able to take a look at a 2003 domain controller that has had its AD structure migrated from a 2000 DC.

Thanks,
DMS
0
DMS-XAuthor Commented:
oops "Allow logon locally" is probably what you meant and not "Logon Locally", my bad.
Yes it exists and it is set to not defined.
0
Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

binary_1001010Commented:
you have to allow logon locally, do NOT set this in domain group policy, set it in domain cotroller group policy or just run gpedit.msc.

for example if you want to allow Andy to terminal into the domain controller, add his name to  "Allow to logon via Terminalservices" and "Allow logon locally"
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
DMS-XAuthor Commented:
I will give it a shot on Moday : )
0
DMS-XAuthor Commented:
Does anyone know what is going on?
0
harleyjdCommented:
Local policy does not apply to DC's

You should check all those settiings in Default Domain Controller Policy.

There is also no domain level "remote desktop users" policy.

Better way to check this is to run the RSOP - Resultant Set of Policy. Do this with rsop.msc on the 2003 server.

This will give a very clear picture of the status on the server, and where said polices are loaded from. It *should* be the Default Domain Controller Policy, but you never know.


0
DMS-XAuthor Commented:
>There is also no domain level "remote desktop users" policy.
Good to know that.

I managed to get it working by putting the builtin Administrators account in the default domain policy--->computer config.--->windows settings--->local policies--->user rights.....--->allow logon throught terminal services.

binary_1001010 and harleyjd thanks for your help!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.