not permitted to logon interactively error logging in to 2003 terminal server

Posted on 2004-11-30
Last Modified: 2012-05-05
If I try  to log in via TS onto a member server (2003) I get 'the local policy of this system does not allow you to logon interactively'  The only way I can get it to work is to put a specific username in 'allow logon via terminal services' under the local policies on the server.  If I put in a group name into that policy which that user is in instead of a specific name, it gives me the error still!  I obviously want to give a group the rights to log on to the terminal server.  Why doesn't this work?  This is driving me nuts.

Question by:timungless
    LVL 57

    Expert Comment

    by:Pete Long
    How to give NON administrators Terminal Service (Remote Administration)

    This must be done on a server to server level, If you require a lot of users create a GROUP called TSRemoteUsers in active directory and add your users into the group, then carry out the steps below. Ill assume we are only dealing with a couple of users.

    Ill also assume you have Terminal Services (Administration Mode) installed and running on the server, if not open control panel >add remove Programs >windows components >Terminal Services, When Prompted ENSURE "Remote Administration" is selected.

    1. Using an admin account open a remote admin session to the server in question.
    2. Click Start >Programs >Administrative Tools >Terminal Services Configuration
    3. Click Connections
    4. In the right hand pane RIGHT CLICK the RDP-TCP connector and select properties
    5. On the permissions tab click "ADD"
    6. Add your user/group in here and select the appropriate level of access.

    If it aint working ensure you not in application mode (Unless you have to be!!)
    Change Between Remote Administration and Application Server Mode;EN-US;238162

    Author Comment

    OK, The server is in Application mode which is what I want.  If I look  at the rdp-tcp connector properties, the  remote desktop users group is in there with permissions to access.  Now the problem is if I put a group inside the remote desktop users on the server, I still get the log on error.

    Author Comment

    I have domain\domain users inside the local remote desktop users on the server.  From this I'd expect anyone to be able to attach to a terminal session.
    LVL 11

    Expert Comment

    Have you tried creating a local group on the server and placing the domain global group inside of that group?  Also, when you look at the properties of the domain group, make sure it's a security group.  Just a try!

    Author Comment

    I've done this but no help.  The only way it will work is if i specify particular users and put them into 'allow logon through terminal services' policy setting.  It doesn't work if i specify  a group in there.
    LVL 1

    Expert Comment

    what about adding there user in the local securty policy to allow logon interactivley

    Author Comment

    I found the problem to this.  It turned out to be because the novell client was installed on the server.  dont know why it was happening, but I removed it and it worked fine!

    Accepted Solution

    PAQed with points refunded (500)

    Community Support Moderator

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Maximize Your Threat Intelligence Reporting

    Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

    Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
    On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now