Solved

"The local policy of this sytem does not permit you to logon interactively."

Posted on 2012-04-04
10
699 Views
Last Modified: 2012-06-21
Hi,

I have a domain lab (Windows 2003/2008) and want to give a user  remote desktop to some servers and an XP machine.

I added the user to remote desktop AD group but if he remotely logs on to the XP machine, he gets

"The local policy of this sytem does not permit you to logon interactively."

Please advise.
J.
0
Comment
Question by:janhoedt
10 Comments
 
LVL 13

Expert Comment

by:cshepfam
ID: 37805678
You need to do it on the machine that you want to let the user remote into

http://support.microsoft.com/kb/289289

That will do it for you
0
 
LVL 21

Expert Comment

by:motnahp00
ID: 37805679
Check your User Rights Assignment:

Allow log on through Remote Desktop Services
Deny log on locally
Deny log on through Remote Desktop Services
0
 
LVL 11

Expert Comment

by:Ackles
ID: 37805680
Simplest solution , add him to local admin on XP.
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 42

Expert Comment

by:sedgwick
ID: 37805710
Click Start, point to Settings, and then click Control Panel.
    Double-click System, and then on the Remote tab, click Select Remote Users.
    Click Add type in the user account name, and then click OK.

    If you are adding more than one user name, use a semicolon to separate the names.

Note: Adding users to the Remote Desktop Group requires that you are logged on through an administrator account.

Also, make sure that the Remote Desktop Users group has sufficient permissions to log on through Terminal Services. To do this, follow these steps:

    Click Start, click Run, type secpol.msc, and then click OK.
    Expand Local Policies, and then click User Rights Assignment.
    In the right pane, double-click Allow logon through Terminal Services. Make sure that the Remote Desktop Users group is listed.
    Click OK.
    In the right pane, double-click Deny logon through Terminal Services. Make sure that the Remote Desktop Users group is not listed, and then click OK.
    Close the Local Security Settings snap-in.

(http://support.microsoft.com/kb/289289#LetMeFixItMyselfAlways)
0
 

Author Comment

by:janhoedt
ID: 37806173
Forgot to mention: I'm working in a domain, so I'm not setting it on the machine itself. Isn't the remote desktop users group sufficient or should I also work via GPO?
0
 

Author Comment

by:janhoedt
ID: 37806337
Adapted the policy, it is there (checked it) but still same message. Please advise.

RD
0
 
LVL 16

Expert Comment

by:ThinkPaper
ID: 37806426
Do an RSoP on that machine. It will tell you what policies are being applied to the machine, and if any policies is prohibiting the user from RDPing. Take a look at what motnahpoo stated.

Also logon directly on the machine, right click "My Computer", Properties and select the "Remote" tab. Make sure that one of the  "Allow connection from computers etc." is checked and that "Don't allow connections to this computer" is NOT checked.

Another question - can YOU remote into the workstation or anyone else (admin and non-admin)? Or is only the user having the issue?
0
 

Author Comment

by:janhoedt
ID: 37806442
I have checked rsop and it is correct, local setting on machine also.
Yes I can remote connect via RDP, that's how I connect always.
0
 

Accepted Solution

by:
janhoedt earned 0 total points
ID: 37806550
I used a policy "restricted groups" and added the users to remote desktop users. This works. However, now I wonder why the ad group remote desktop users exists also.
0
 

Author Closing Comment

by:janhoedt
ID: 37822815
Works
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question