Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 305
  • Last Modified:

not permitted to logon interactively error logging in to 2003 terminal server

If I try  to log in via TS onto a member server (2003) I get 'the local policy of this system does not allow you to logon interactively'  The only way I can get it to work is to put a specific username in 'allow logon via terminal services' under the local policies on the server.  If I put in a group name into that policy which that user is in instead of a specific name, it gives me the error still!  I obviously want to give a group the rights to log on to the terminal server.  Why doesn't this work?  This is driving me nuts.

1 Solution
Pete LongTechnical ConsultantCommented:
How to give NON administrators Terminal Service (Remote Administration)

This must be done on a server to server level, If you require a lot of users create a GROUP called TSRemoteUsers in active directory and add your users into the group, then carry out the steps below. Ill assume we are only dealing with a couple of users.

Ill also assume you have Terminal Services (Administration Mode) installed and running on the server, if not open control panel >add remove Programs >windows components >Terminal Services, When Prompted ENSURE "Remote Administration" is selected.

1. Using an admin account open a remote admin session to the server in question.
2. Click Start >Programs >Administrative Tools >Terminal Services Configuration
3. Click Connections
4. In the right hand pane RIGHT CLICK the RDP-TCP connector and select properties
5. On the permissions tab click "ADD"
6. Add your user/group in here and select the appropriate level of access.

If it aint working ensure you not in application mode (Unless you have to be!!)
Change Between Remote Administration and Application Server Mode
timunglessAuthor Commented:
OK, The server is in Application mode which is what I want.  If I look  at the rdp-tcp connector properties, the  remote desktop users group is in there with permissions to access.  Now the problem is if I put a group inside the remote desktop users on the server, I still get the log on error.
timunglessAuthor Commented:
I have domain\domain users inside the local remote desktop users on the server.  From this I'd expect anyone to be able to attach to a terminal session.
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Have you tried creating a local group on the server and placing the domain global group inside of that group?  Also, when you look at the properties of the domain group, make sure it's a security group.  Just a try!
timunglessAuthor Commented:
I've done this but no help.  The only way it will work is if i specify particular users and put them into 'allow logon through terminal services' policy setting.  It doesn't work if i specify  a group in there.
what about adding there user in the local securty policy to allow logon interactivley
timunglessAuthor Commented:
I found the problem to this.  It turned out to be because the novell client was installed on the server.  dont know why it was happening, but I removed it and it worked fine!
PAQed with points refunded (500)

Community Support Moderator

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now