Remote Administration interactive logon privileges disabled

Windows 2003, fresh install, nothing running, I can do whatever I want with it.
Terminal server role not added
Application server role added (intended to be be an intranet server once I get this fixed)

I can log on to the system using remote desktop as the local admin (no other local users set up, so I didn't try that), but I cannot log on as a domain admin.  When I try, I get the message "Your interactive logon privilege has been disabled.  Please contact your system administrator."  

I have explicitly added the domain account to the Remote Desktop Users, and it is also a member of the local administrative group.   I have also allowed that account the "log on locally" right.

Any ideas?  Pulling my hair out here.
Who is Participating?
It doesn't matter - Remote Desktop is Terminal Server just renamed to avoid confusion.

The account MUST, MUST, MUST have "log in to terminal server" checked on the account's Terminal Services Profile tab in Active Directory.

I just tested this with a real, live account and a real live server. If "log in to terminal server" = unchecked Domain Admins get "Your interactive logon priviledge has been disabled..."
Is you server joined to a domain?
eatham111Author Commented:
Yes - it is joined to a Windows 2000 domain.
You also must have the allow logon to terminal server property on the user's AD account, on the terminal server tab
eatham111Author Commented:
The role Terminal Server is not added - this is not a terminal server.  This is for remote administration.  On the remote tab, the user is added implicitly (because it is a domain admin, and the domain admins are local admins).
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.