Solved

"The local policy of this sytem does not permit you to logon interactively."

Posted on 2012-04-04
10
700 Views
Last Modified: 2012-06-21
Hi,

I have a domain lab (Windows 2003/2008) and want to give a user  remote desktop to some servers and an XP machine.

I added the user to remote desktop AD group but if he remotely logs on to the XP machine, he gets

"The local policy of this sytem does not permit you to logon interactively."

Please advise.
J.
0
Comment
Question by:janhoedt
10 Comments
 
LVL 13

Expert Comment

by:cshepfam
ID: 37805678
You need to do it on the machine that you want to let the user remote into

http://support.microsoft.com/kb/289289

That will do it for you
0
 
LVL 21

Expert Comment

by:motnahp00
ID: 37805679
Check your User Rights Assignment:

Allow log on through Remote Desktop Services
Deny log on locally
Deny log on through Remote Desktop Services
0
 
LVL 11

Expert Comment

by:Ackles
ID: 37805680
Simplest solution , add him to local admin on XP.
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 42

Expert Comment

by:sedgwick
ID: 37805710
Click Start, point to Settings, and then click Control Panel.
    Double-click System, and then on the Remote tab, click Select Remote Users.
    Click Add type in the user account name, and then click OK.

    If you are adding more than one user name, use a semicolon to separate the names.

Note: Adding users to the Remote Desktop Group requires that you are logged on through an administrator account.

Also, make sure that the Remote Desktop Users group has sufficient permissions to log on through Terminal Services. To do this, follow these steps:

    Click Start, click Run, type secpol.msc, and then click OK.
    Expand Local Policies, and then click User Rights Assignment.
    In the right pane, double-click Allow logon through Terminal Services. Make sure that the Remote Desktop Users group is listed.
    Click OK.
    In the right pane, double-click Deny logon through Terminal Services. Make sure that the Remote Desktop Users group is not listed, and then click OK.
    Close the Local Security Settings snap-in.

(http://support.microsoft.com/kb/289289#LetMeFixItMyselfAlways)
0
 

Author Comment

by:janhoedt
ID: 37806173
Forgot to mention: I'm working in a domain, so I'm not setting it on the machine itself. Isn't the remote desktop users group sufficient or should I also work via GPO?
0
 

Author Comment

by:janhoedt
ID: 37806337
Adapted the policy, it is there (checked it) but still same message. Please advise.

RD
0
 
LVL 16

Expert Comment

by:ThinkPaper
ID: 37806426
Do an RSoP on that machine. It will tell you what policies are being applied to the machine, and if any policies is prohibiting the user from RDPing. Take a look at what motnahpoo stated.

Also logon directly on the machine, right click "My Computer", Properties and select the "Remote" tab. Make sure that one of the  "Allow connection from computers etc." is checked and that "Don't allow connections to this computer" is NOT checked.

Another question - can YOU remote into the workstation or anyone else (admin and non-admin)? Or is only the user having the issue?
0
 

Author Comment

by:janhoedt
ID: 37806442
I have checked rsop and it is correct, local setting on machine also.
Yes I can remote connect via RDP, that's how I connect always.
0
 

Accepted Solution

by:
janhoedt earned 0 total points
ID: 37806550
I used a policy "restricted groups" and added the users to remote desktop users. This works. However, now I wonder why the ad group remote desktop users exists also.
0
 

Author Closing Comment

by:janhoedt
ID: 37822815
Works
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A safe way to clean winsxs folder from your windows server 2008 R2 editions
An article on effective troubleshooting
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question