not permitted to logon interactively error logging in to 2003 terminal server

If I try  to log in via TS onto a member server (2003) I get 'the local policy of this system does not allow you to logon interactively'  The only way I can get it to work is to put a specific username in 'allow logon via terminal services' under the local policies on the server.  If I put in a group name into that policy which that user is in instead of a specific name, it gives me the error still!  I obviously want to give a group the rights to log on to the terminal server.  Why doesn't this work?  This is driving me nuts.

Tim
timunglessAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Pete LongTechnical ConsultantCommented:
How to give NON administrators Terminal Service (Remote Administration)

This must be done on a server to server level, If you require a lot of users create a GROUP called TSRemoteUsers in active directory and add your users into the group, then carry out the steps below. Ill assume we are only dealing with a couple of users.

Ill also assume you have Terminal Services (Administration Mode) installed and running on the server, if not open control panel >add remove Programs >windows components >Terminal Services, When Prompted ENSURE "Remote Administration" is selected.

1. Using an admin account open a remote admin session to the server in question.
2. Click Start >Programs >Administrative Tools >Terminal Services Configuration
3. Click Connections
4. In the right hand pane RIGHT CLICK the RDP-TCP connector and select properties
5. On the permissions tab click "ADD"
6. Add your user/group in here and select the appropriate level of access.

If it aint working ensure you not in application mode (Unless you have to be!!)
Change Between Remote Administration and Application Server Mode
http://support.microsoft.com/default.aspx?scid=kb;EN-US;238162
0
timunglessAuthor Commented:
OK, The server is in Application mode which is what I want.  If I look  at the rdp-tcp connector properties, the  remote desktop users group is in there with permissions to access.  Now the problem is if I put a group inside the remote desktop users on the server, I still get the log on error.
0
timunglessAuthor Commented:
I have domain\domain users inside the local remote desktop users on the server.  From this I'd expect anyone to be able to attach to a terminal session.
0
Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

cfairleyCommented:
Have you tried creating a local group on the server and placing the domain global group inside of that group?  Also, when you look at the properties of the domain group, make sure it's a security group.  Just a try!
0
timunglessAuthor Commented:
I've done this but no help.  The only way it will work is if i specify particular users and put them into 'allow logon through terminal services' policy setting.  It doesn't work if i specify  a group in there.
0
Blackduke77Commented:
what about adding there user in the local securty policy to allow logon interactivley
0
timunglessAuthor Commented:
I found the problem to this.  It turned out to be because the novell client was installed on the server.  dont know why it was happening, but I removed it and it worked fine!
0
moduloCommented:
PAQed with points refunded (500)

modulo
Community Support Moderator
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.