Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1309
  • Last Modified:

The local policy of this system does not permit you to logon interactively, local security setting greyed out

Hi John and others with experts exchange users group, I will also repost this on experts-exchange as well (jaschmerold)
Memo please see below for details of issue, thanks
I did do as suggested, but did not resolve issue, I did bring in my own personal notebook, joined the domain, and remote desktop works fine.  None of the workstations will allow adding any new remote desktop employees.  I do know that in the past I would manually add the workstations to the domain, which probable caused this issue.  If you have any other ideas, please let me know.  Also the previous server was a windows 2000 server, but I dont think that this is causing the issue since that server was replaced over 2 years ago, and most of the machines are less than 1 year old.  

I did notice that if I look at settings under Allow log on through Terminal Services Properties >Local Security Setting, there are 7 employees already listed, but I can neither add user or group or remove them either, but on my notebook it works fine, thru your procedure.  

I did notice under the add or remove users icons there is an ! That says This Setting is not compatible with computers running Windows 2000 Service Pack 1 or earlier.  Apply Group Policy objects containing this setting only to computers running a later version of the operating system

 Details on issue, Windows 2003 SBS server, was migrated from Windows 2000 server.  I tried to add 1 user to the windows XP pro remote desktop, but will not all this.  All pc's are joined to the domain.  I right clicked on my computer, and added the user Johnk for remote desktop, no issue.  The issue comes from Local Security Setting folder titled Allow log on through Terminal Services Property, Local Security Setting's users are being greyed out, cant add or remove the users from this area on most of the pc's, including 1 Windows Vista Business Machine, please let me know if anyone had a similar issue.  
BTW I won't be able to respond to any idea's until Sunday evening, I will be going to Chicago for the Weekend, I will be leaving at 6:30 for Chicago, thank for your help
  • 2
2 Solutions
GPO on your Domain Controller. (server 2003)
Go to Admin Tools->Domain Security Policy
expand down to "allow login through terminal services" add who you need.

I would suggest adding the "remote desktop users" group to the group to the policy.  Then use Active Directory to control which users are in the "Remote Desktop Users" Group

 - Brugh
oh and then run "gpupdate /force" from a command prompt on both the server and workstations.
jaschmeroldAuthor Commented:
Thanks very much, it worked, you are a genius.  This make using Experts Exchange very valuable, take care, Jim

Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now