"The local policy of this sytem does not permit you to logon interactively."

Hi,

I have a domain lab (Windows 2003/2008) and want to give a user  remote desktop to some servers and an XP machine.

I added the user to remote desktop AD group but if he remotely logs on to the XP machine, he gets

"The local policy of this sytem does not permit you to logon interactively."

Please advise.
J.
janhoedtAsked:
Who is Participating?
 
janhoedtConnect With a Mentor Author Commented:
I used a policy "restricted groups" and added the users to remote desktop users. This works. However, now I wonder why the ad group remote desktop users exists also.
0
 
cshepfamCommented:
You need to do it on the machine that you want to let the user remote into

http://support.microsoft.com/kb/289289

That will do it for you
0
 
motnahp00Commented:
Check your User Rights Assignment:

Allow log on through Remote Desktop Services
Deny log on locally
Deny log on through Remote Desktop Services
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
AcklesCommented:
Simplest solution , add him to local admin on XP.
0
 
Meir RivkinFull stack Software EngineerCommented:
Click Start, point to Settings, and then click Control Panel.
    Double-click System, and then on the Remote tab, click Select Remote Users.
    Click Add type in the user account name, and then click OK.

    If you are adding more than one user name, use a semicolon to separate the names.

Note: Adding users to the Remote Desktop Group requires that you are logged on through an administrator account.

Also, make sure that the Remote Desktop Users group has sufficient permissions to log on through Terminal Services. To do this, follow these steps:

    Click Start, click Run, type secpol.msc, and then click OK.
    Expand Local Policies, and then click User Rights Assignment.
    In the right pane, double-click Allow logon through Terminal Services. Make sure that the Remote Desktop Users group is listed.
    Click OK.
    In the right pane, double-click Deny logon through Terminal Services. Make sure that the Remote Desktop Users group is not listed, and then click OK.
    Close the Local Security Settings snap-in.

(http://support.microsoft.com/kb/289289#LetMeFixItMyselfAlways)
0
 
janhoedtAuthor Commented:
Forgot to mention: I'm working in a domain, so I'm not setting it on the machine itself. Isn't the remote desktop users group sufficient or should I also work via GPO?
0
 
janhoedtAuthor Commented:
Adapted the policy, it is there (checked it) but still same message. Please advise.

RD
0
 
ThinkPaperIT ConsultantCommented:
Do an RSoP on that machine. It will tell you what policies are being applied to the machine, and if any policies is prohibiting the user from RDPing. Take a look at what motnahpoo stated.

Also logon directly on the machine, right click "My Computer", Properties and select the "Remote" tab. Make sure that one of the  "Allow connection from computers etc." is checked and that "Don't allow connections to this computer" is NOT checked.

Another question - can YOU remote into the workstation or anyone else (admin and non-admin)? Or is only the user having the issue?
0
 
janhoedtAuthor Commented:
I have checked rsop and it is correct, local setting on machine also.
Yes I can remote connect via RDP, that's how I connect always.
0
 
janhoedtAuthor Commented:
Works
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.