The local policy of this system does not permit you to logon interactively, local security setting greyed out

Posted on 2007-07-27
Last Modified: 2008-01-09
Hi John and others with experts exchange users group, I will also repost this on experts-exchange as well (jaschmerold)
Memo please see below for details of issue, thanks
I did do as suggested, but did not resolve issue, I did bring in my own personal notebook, joined the domain, and remote desktop works fine.  None of the workstations will allow adding any new remote desktop employees.  I do know that in the past I would manually add the workstations to the domain, which probable caused this issue.  If you have any other ideas, please let me know.  Also the previous server was a windows 2000 server, but I dont think that this is causing the issue since that server was replaced over 2 years ago, and most of the machines are less than 1 year old.  

I did notice that if I look at settings under Allow log on through Terminal Services Properties >Local Security Setting, there are 7 employees already listed, but I can neither add user or group or remove them either, but on my notebook it works fine, thru your procedure.  

I did notice under the add or remove users icons there is an ! That says This Setting is not compatible with computers running Windows 2000 Service Pack 1 or earlier.  Apply Group Policy objects containing this setting only to computers running a later version of the operating system

 Details on issue, Windows 2003 SBS server, was migrated from Windows 2000 server.  I tried to add 1 user to the windows XP pro remote desktop, but will not all this.  All pc's are joined to the domain.  I right clicked on my computer, and added the user Johnk for remote desktop, no issue.  The issue comes from Local Security Setting folder titled Allow log on through Terminal Services Property, Local Security Setting's users are being greyed out, cant add or remove the users from this area on most of the pc's, including 1 Windows Vista Business Machine, please let me know if anyone had a similar issue.  
BTW I won't be able to respond to any idea's until Sunday evening, I will be going to Chicago for the Weekend, I will be leaving at 6:30 for Chicago, thank for your help
Question by:jaschmerold
    LVL 9

    Accepted Solution

    GPO on your Domain Controller. (server 2003)
    Go to Admin Tools->Domain Security Policy
    expand down to "allow login through terminal services" add who you need.

    I would suggest adding the "remote desktop users" group to the group to the policy.  Then use Active Directory to control which users are in the "Remote Desktop Users" Group

     - Brugh
    LVL 9

    Assisted Solution

    oh and then run "gpupdate /force" from a command prompt on both the server and workstations.

    Author Comment

    Thanks very much, it worked, you are a genius.  This make using Experts Exchange very valuable, take care, Jim

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Suggested Solutions

    Storage devices are generally used to save the data or sometime transfer the data from one computer system to another system. However, sometimes user accidentally erased their important data from the Storage devices. Users have to know how data reco…
    I use more than 1 computer in my office for various reasons. Multiple keyboards and mice take up more than just extra space, they make working a little more complicated. Using one mouse and keyboard for all of my computers makes life easier. This co…
    In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
    With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now