jaschmerold


The local policy of this system does not permit you to logon interactively

Windows XP Pro on a Windows 2003 SBS Domain, remote desktop issue
I already have 7 users set up under remote desktop on the Windows XP machine.
I am getting an error: "The local Policy of this system does not permit you to logon interactively."
On the workstation I right-clicked on My Computer and added the user johnk, then I went to Control Panel > Administrative Tools > Local Security Settings > User Rights Assignment > Allow logon thru terminal services, then I tried to add user johnk, but all present users are greyed out. Please let me know what causes this, thanks for your help.
Imtiaz Hasham

Add user to the Remote Desktop Users group on the server.
jaschmerold

ASKER

user already a member of the remote desktop users group on server, user johnk can remotely login to the Windows 2003 server, but can't login to his personal Windows XP Pro workstation on the same domain, 7 other users can login to the Windows XP Pro workstation.  The Allow logon thru terminal services on the Windows XP Pro workstation users are greyed out, can't add or delete the remote desktop users on that workstation or any other workstation, thanks
Sounds like the local policy of that system might be shot....

How to reset security settings back to the defaults
http://support.microsoft.com/kb/313222
Also, might be worth removing the workstation from the domain, delete the AD account for the PC, and then rejoin. Hopefully the policy will refresh and correct any issues...
I tried to add a remote user on 2 other workstations, and I am getting the same results.  I have another customer and theirs is working fine, thanks
ASKER CERTIFIED SOLUTION
Jeffrey Kane - TechSoEasy

This solution is only available to members.
A little history: the Windows 2003 Server is about 2.5 years old and was migrated from a Windows 2000 server.  Is there a way to test this method with only one machine, or do I need to do this with all 10 PCs, which includes 3 notebooks?  BTW I do plan on using the Transfer files Settings wizard first to back up the profile info.
I would have to schedule a time with the customer to do this, esp if I have to do it on all 10 PCs.  7 of the users already have remote access to their PCs. The other option is just have the one user just access the Windows 2003 server with basic rights.
Jeff, thanks for your response to the issue.  This does sound like the right answer to the problem, I hope you have a great evening
jaschmerold

Please forgive my comment from ID:19567994, in that I didn't clarify what I was suggesting. I was thinking that you were having problems connecting to an XP workstation, as that's where you were trying to add the users.....

I was simply overthinking the problem, as we often do in this field.....

Good luck with it....
He was trying to connect to the XP Workstations, but with SBS that's done via Remote Web Workplace.  More info on that is at http://sbsurl.com/rww

jaschmerold...

"The other option is just have the one user just access the Windows 2003 server with basic rights"

That's not an option with SBS 2003.  Terminal Services is only for Administration Purposes.  Non-Administrators cannot log into the server (nor should they) and you cannot install applications on the server to run a worker-based remote desktop environment.  If it's just the one user then you can do the above steps on just that person's machine and it should get it working.  But for overall conformity in the network you really need to do it on all of them at some point.

Jeff
TechSoEasy
I thought that this issue was resolved, but when I got to the customer's site, it did not work
Hi John, I will also repost this on experts-exchange as well (jaschmerold)
I did do as suggested, but it did not resolve the issue. I did bring in my own personal notebook, joined the domain, and remote desktop works fine.  None of the workstations will allow adding any new remote desktop employees.  I do know that in the past I would manually add the workstations to the domain, which probably caused this issue.  If you have any other ideas, please let me know

I did notice that if I look at settings under Allow log on through Terminal Services Properties >Local Security Setting, there are 7 employees already listed, but I can neither add user or group or remove them either, but on my notebook it works fine, thru your procedure.  

I did notice under the add or remove users icons there is an !  That says This Setting is not compatible with computers running Windows 2000 Service Pack 1 or earlier.  Apply Group Policy objects containing this setting only to computers running a later version of the operating system
Okay... first of all, can you be clear on your use of Remote Desktop?  

Usually when someone says they are using Remote Desktop it means that they are connecting from somewhere OUTSIDE the office to their workstation INSIDE the office.  This is done by using SBS's Remote Web Workplace.  Info about RWW is at http://sbsurl.com/rww

But it sounds like you are trying to do something different than that, so you'll have to be very clear about who is trying to connect to what.

For instance, what do you mean by "none of the workstations will allow adding any new remote desktop employees"?  You should not be adding user accounts to a workstation at all.  Users are added on the server with the Add User Wizard and that will create a DOMAIN user account for them.  When you join the workstation to the domain properly using the ConnectComputer wizard you can then assign users to that workstation and they will be able to access it remotely.  If you need to add additional users after you've joined the workstation to the domain, or if you want all users to have access you need to add the AD User Account or the Domain Users Security Group to the LOCAL Administrators group of the workstation.   You are just adding an already existing AD Account to the local group, you are not adding or removing a local user account.  Furthermore, you should never need to modify the local security policy of any workstation.

Jeff
TechSoEasy
FYI, the Local Security Policy on all workstations should just have "Administrators" and "Remote Desktop Users" listed for "Allow logon through Terminal Services".

and I have no idea what you meant by:
"I did notice under the add or remove users icons there is an !  That says This Setting is not compatible with computers running Windows 2000 Service Pack 1 or earlier.  Apply Group Policy objects containing this setting only to computers running a later version of the operating system"

Since you stated these are Windows XP machines that doesn't apply.

Jeff
TechSoEasy
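
As an added example (not part of the thread or any poster's code): a Python check of the baseline stated above for "Allow logon through Terminal Services", run over the `[Privilege Rights]` section of a file exported with `secedit /export /cfg rights.inf /areas USER_RIGHTS`. The sample export, its account SIDs and the function names are constructed for illustration.

```python
# Baseline from the post above: only these two local groups should hold the right.
BASELINE = {"S-1-5-32-544": "Administrators", "S-1-5-32-555": "Remote Desktop Users"}
RIGHT = "SeRemoteInteractiveLogonRight"  # "Allow log on through Terminal Services"

# Constructed sample export: individual accounts listed, Remote Desktop Users absent.
# Real exports are typically UTF-16; read them with open(path, encoding="utf-16").
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545
SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-1105,*S-1-5-21-1111111111-2222222222-3333333333-1106
[Version]
signature="$CHICAGO$"
Revision=1
"""

def parse_privilege_rights(inf_text):
    """Return {right_name: [holders]} from the [Privilege Rights] section."""
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section == "privilege rights" and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip()] = [v.strip() for v in value.split(",") if v.strip()]
    return rights

def _baseline_name(holder):
    """Map a holder (SID with '*' prefix, or a plain name) to its baseline group."""
    h = holder.lstrip("*")
    for sid, name in BASELINE.items():
        if h.upper() == sid or h.lower() == name.lower():
            return name
    return None

def audit_rdp_right(inf_text):
    """Compare holders of the remote logon right with the two-group baseline."""
    holders = parse_privilege_rights(inf_text).get(RIGHT, [])
    matched = {_baseline_name(h) for h in holders}
    return {
        "holders": holders,
        "unexpected": [h for h in holders if _baseline_name(h) is None],
        "missing": [n for n in BASELINE.values() if n not in matched],
    }

if __name__ == "__main__":
    print(audit_rdp_right(SAMPLE_INF))
```

A non-empty `missing` list that includes Remote Desktop Users means membership in that group does not by itself grant the right on that workstation; a non-empty `unexpected` list shows accounts granted the right directly.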