Solved

"The local policy of this sytem does not permit you to logon interactively."

Posted on 2012-04-04
10
702 Views
Last Modified: 2012-06-21
Hi,

I have a domain lab (Windows 2003/2008) and want to give a user  remote desktop to some servers and an XP machine.

I added the user to remote desktop AD group but if he remotely logs on to the XP machine, he gets

"The local policy of this sytem does not permit you to logon interactively."

Please advise.
J.
0
Comment
Question by:janhoedt
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 13

Expert Comment

by:cshepfam
ID: 37805678
You need to do it on the machine that you want to let the user remote into

http://support.microsoft.com/kb/289289

That will do it for you
0
 
LVL 21

Expert Comment

by:motnahp00
ID: 37805679
Check your User Rights Assignment:

Allow log on through Remote Desktop Services
Deny log on locally
Deny log on through Remote Desktop Services
0
 
LVL 11

Expert Comment

by:Ackles
ID: 37805680
Simplest solution , add him to local admin on XP.
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
LVL 42

Expert Comment

by:sedgwick
ID: 37805710
Click Start, point to Settings, and then click Control Panel.
    Double-click System, and then on the Remote tab, click Select Remote Users.
    Click Add type in the user account name, and then click OK.

    If you are adding more than one user name, use a semicolon to separate the names.

Note: Adding users to the Remote Desktop Group requires that you are logged on through an administrator account.

Also, make sure that the Remote Desktop Users group has sufficient permissions to log on through Terminal Services. To do this, follow these steps:

    Click Start, click Run, type secpol.msc, and then click OK.
    Expand Local Policies, and then click User Rights Assignment.
    In the right pane, double-click Allow logon through Terminal Services. Make sure that the Remote Desktop Users group is listed.
    Click OK.
    In the right pane, double-click Deny logon through Terminal Services. Make sure that the Remote Desktop Users group is not listed, and then click OK.
    Close the Local Security Settings snap-in.

(http://support.microsoft.com/kb/289289#LetMeFixItMyselfAlways)
0
 

Author Comment

by:janhoedt
ID: 37806173
Forgot to mention: I'm working in a domain, so I'm not setting it on the machine itself. Isn't the remote desktop users group sufficient or should I also work via GPO?
0
 

Author Comment

by:janhoedt
ID: 37806337
Adapted the policy, it is there (checked it) but still same message. Please advise.

RD
0
 
LVL 16

Expert Comment

by:ThinkPaper
ID: 37806426
Do an RSoP on that machine. It will tell you what policies are being applied to the machine, and if any policies is prohibiting the user from RDPing. Take a look at what motnahpoo stated.

Also logon directly on the machine, right click "My Computer", Properties and select the "Remote" tab. Make sure that one of the  "Allow connection from computers etc." is checked and that "Don't allow connections to this computer" is NOT checked.

Another question - can YOU remote into the workstation or anyone else (admin and non-admin)? Or is only the user having the issue?
0
 

Author Comment

by:janhoedt
ID: 37806442
I have checked rsop and it is correct, local setting on machine also.
Yes I can remote connect via RDP, that's how I connect always.
0
 

Accepted Solution

by:
janhoedt earned 0 total points
ID: 37806550
I used a policy "restricted groups" and added the users to remote desktop users. This works. However, now I wonder why the ad group remote desktop users exists also.
0
 

Author Closing Comment

by:janhoedt
ID: 37822815
Works
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Determining the an SCCM package name from the Package ID
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question