Solved

The local policy of this system does not permit you to logon interactively

Posted on 2007-07-25
Last Modified: 2013-11-21
Windows XP Pro on a Windows 2003 SBS Domain, remote desktop issue
I already have 7 users set up under Remote Desktop on the Windows XP machine.
I am getting the error "The local policy of this system does not permit you to logon interactively."
On the workstation I right-clicked My Computer and added the user johnk, then I went to Control Panel > Administrative Tools > Local Security Settings > User Rights Assignment > Allow logon thru terminal services and tried to add user johnk, but all present users are greyed out. Please let me know what causes this. Thanks for your help.
Question by:jaschmerold
12 Comments
 
LVL 12

Expert Comment

by:Imtiaz Hasham
ID: 19567336
Add the user to the Remote Desktop Users group on the server.
0
 

Author Comment

by:jaschmerold
ID: 19567823
The user is already a member of the Remote Desktop Users group on the server. User johnk can remotely log in to the Windows 2003 server, but can't log in to his personal Windows XP Pro workstation on the same domain; 7 other users can log in to the Windows XP Pro workstation. On the Windows XP Pro workstation, the users under Allow logon thru terminal services are greyed out; I can't add or delete the remote desktop users on that workstation or any other workstation. Thanks.
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 19567994
Sounds like the local policy of that system might be shot....

How to reset security settings back to the defaults
http://support.microsoft.com/kb/313222
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 19568018
Also, might be worth removing the workstation from the domain, delete the AD account for the PC, and then rejoin. Hopefully the policy will refresh and correct any issues...
0
 

Author Comment

by:jaschmerold
ID: 19568566
I tried to add a remote user on 2 other workstations, and I am getting the same results.  I have another customer and theirs is working fine, thanks
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 2000 total points
ID: 19569687
No, nothing is "shot"

My guess is that you did not join the workstations to the domain properly using http://<servername>/connectcomputer

Because this is an SBS based network, you need to configure and manage it according to the SBS documentation and methodology if you expect it to work the way it's advertised.  Users must be added to the domain using the SBS's Add User wizard in the Server Management Console, and Computers must be added at the end of that wizard or by using the Add Client Computer wizard.  Direct adds to ADUC should be avoided because they will not ensure that all other settings and permissions are made.

To correct the problem with the workstations, please follow these steps:
At the client machine:
1.  Log in with THAT machine's LOCAL administrator account.
2.  Unjoin the domain into a WORKGROUP
3.  Change the name of the computer (this is not an option, you must use a name that is unique and hasn't been used before on your SBS)
4.  Delete or rename the following directory C:\Program Files\Microsoft Windows Small Business Server\Clients
5.  Delete the following Registry Key entirely:  HKLM\Software\Microsoft\SmallBusinessServer
6.  Make sure that the network settings are configured to get an IP address automatically (DHCP enabled)
7.  Reboot

Then on the server, from the Server Management Console:
1.  Remove the client computer if it still shows in the Client Computer screen on the Server Management Console
2.  Add the client with its NEW name using the Setup Client Computers wizard

Then, go back to the client machine, log back in with the local Administrator account.
1.  If there is more than one network interface, make sure that the only one that's enabled is the one connected to the SBS.
2.  Open IE and enter http://<servername>/connectcomputer in the address bar
3.  Supply the domain Administrator credentials when requested and assign appropriate user to the machine
4.  After the machine reboots the second time, log in with the assigned user's credentials to complete the process.

Jeff
TechSoEasy
0
 

Author Comment

by:jaschmerold
ID: 19570196
A little history: the Windows 2003 Server is about 2.5 years old and was migrated from Windows 2000 Server.  Is there a way to test this method with only one machine, or do I need to do this with all 10 PCs, which includes 3 notebooks?  BTW, I do plan on using the Transfer Files and Settings wizard first to back up the profile info.
I would have to schedule a time with the customer to do this, especially if I have to do it on all 10 PCs.  7 of the users already have remote access to their PCs. The other option is just have the one user just access the Windows 2003 server with basic rights.
Jeff, thanks for your response to the issue.  This does sound like the right answer to the problem. I hope you have a great evening.
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 19570287
jaschmerold

Please forgive my comment from ID:19567994, in that I didn't clarify what I was suggesting. I was thinking that you were having problems connecting to an XP workstation, as that's where you were trying to add the users.....

I was simply overthinking the problem, as we often do in this field.....

Good luck with it....
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 19570367
He was trying to connect to the XP Workstations, but with SBS that's done via Remote Web Workplace.  More info on that is at http://sbsurl.com/rww

jaschmerold...

"The other option is just have the one user just access the Windows 2003 server with basic rights"

That's not an option with SBS 2003.  Terminal Services is only for Administration Purposes.  Non-Administrators cannot log into the server (nor should they) and you cannot install applications on the server to run a worker-based remote desktop environment.  If it's just the one user then you can do the above steps on just that person's machine and it should get it working.  But for overall conformity in the network you really need to do it on all of them at some point.

Jeff
TechSoEasy
0
 

Author Comment

by:jaschmerold
ID: 19582776
I thought that this issue was resolved, but when I got to the customer's site, it did not work.
Hi John, I will also repost this on experts-exchange as well (jaschmerold)
I did do as suggested, but it did not resolve the issue. I did bring in my own personal notebook, joined the domain, and remote desktop works fine.  None of the workstations will allow adding any new remote desktop employees.  I do know that in the past I would manually add the workstations to the domain, which probably caused this issue.  If you have any other ideas, please let me know.

I did notice that if I look at settings under Allow log on through Terminal Services Properties >Local Security Setting, there are 7 employees already listed, but I can neither add user or group or remove them either, but on my notebook it works fine, thru your procedure.  

I did notice under the add or remove users icons there is an !  That says This Setting is not compatible with computers running Windows 2000 Service Pack 1 or earlier.  Apply Group Policy objects containing this setting only to computers running a later version of the operating system
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 19582862
Okay... first of all, can you be clear on your use of Remote Desktop?  

Usually when someone says they are using Remote Desktop it means that they are connecting from somewhere OUTSIDE the office to their workstation INSIDE the office.  This is done by using SBS's Remote Web Workplace.  Info about RWW is at http://sbsurl.com/rww

But it sounds like you are trying to do something different than that, so you'll have to be very clear about who is trying to connect to what.

For instance, what do you mean by "none of the workstations will allow adding any new remote desktop employees"?  You should not be adding user accounts to a workstation at all.  Users are added on the server with the Add User Wizard and that will create a DOMAIN user account for them.  When you join the workstation to the domain properly using the ConnectComputer wizard you can then assign users to that workstation and they will be able to access it remotely.  If you need to add additional users after you've joined the workstation to the domain, or if you want all users to have access you need to add the AD User Account or the Domain Users Security Group to the LOCAL Administrators group of the workstation.   You are just adding an already existing AD Account to the local group, you are not adding or removing a local user account.  Furthermore, you should never need to modify the local security policy of any workstation.

Jeff
TechSoEasy
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 19582873
FYI, the Local Security Policy on all workstations should just have "Administrators" and "Remote Desktop Users" listed for "Allow logon through Terminal Services".

and I have no idea what you meant by:
"I did notice under the add or remove users icons there is an !  That says This Setting is not compatible with computers running Windows 2000 Service Pack 1 or earlier.  Apply Group Policy objects containing this setting only to computers running a later version of the operating system"

Since you stated these are Windows XP machines that doesn't apply.

Jeff
TechSoEasy
0
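An added example, not part of the original thread: a small Python audit that compares a workstation's exported user rights with the baseline stated in the comment above ("Administrators" and "Remote Desktop Users" only). It assumes the input was produced on the workstation with `secedit /export /cfg <file> /areas USER_RIGHTS`; the sample export and the `EXAMPLE\...` account names are constructed for illustration.

```python
# Audit "Allow logon through Terminal Services" in a secedit USER_RIGHTS export.
# Real exports are UTF-16 text: open(path, encoding="utf-16").read()

# Well-known SIDs of the two built-in groups named as the expected baseline.
EXPECTED = {"*S-1-5-32-544": "Administrators",
            "*S-1-5-32-555": "Remote Desktop Users"}
ALLOW = "SeRemoteInteractiveLogonRight"      # Allow logon through Terminal Services
DENY = "SeDenyRemoteInteractiveLogonRight"   # Deny logon through Terminal Services

# Constructed sample: individual accounts listed directly, group missing.
SAMPLE = """[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545
SeRemoteInteractiveLogonRight = *S-1-5-32-544,EXAMPLE\\alice,EXAMPLE\\bob
SeDenyRemoteInteractiveLogonRight = EXAMPLE\\carol
[Version]
signature="$CHICAGO$"
Revision=1
"""

def parse_rights(inf_text):
    """Return {right name: set of principals} from [Privilege Rights]."""
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "privilege rights" and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip()] = {p.strip() for p in value.split(",") if p.strip()}
    return rights

def audit(inf_text):
    """Report deviations from the Administrators + Remote Desktop Users baseline."""
    rights = parse_rights(inf_text)
    allow = rights.get(ALLOW, set())
    return {
        # Principals granted the right directly instead of via the two groups.
        "unexpected": sorted(allow - set(EXPECTED)),
        # Baseline groups that are absent from the right.
        "missing": sorted(EXPECTED[s] for s in set(EXPECTED) - allow),
        # An explicit deny overrides any allow entry for the same account.
        "denied": sorted(rights.get(DENY, set())),
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A non-empty `unexpected` or `missing` list means the effective setting differs from the baseline; when the setting is greyed out in Local Security Settings, the effective value is being supplied by domain Group Policy rather than by the local policy.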
