Click here to get back home

"the local policy of this system does not permit you to logon interactively"
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
"the local policy of this system does not permit you to logon interactively" ashkaan57 04-11-2007
Get Chitika Premium
Posted by ashkaan57 on April 11, 2007, 5:15 pm
Please log in for more thread options
 Hi,
one of the users is unable to logon to a PC at work through Remote
Desktop Connection. It connects, displays the logon screen and when
she enters her password, it says "The local policy of this system does
not permit you to logon interactively".

- She is a member of Remote Desktop Users (on top of other groups)
- When I right click on My Computer / Properties / Remote, the
checkboxes for Remote Desktop and Remote Assistance are checked. When
I click "Select Remote Users", her user id is listed under the
textbox.
_ She is part of local administrators group.
- I ran secpol.msc on her PC (at work) and made sure that "Allow logon
through terminal services" includes Remote Desktop Users. Also made
sure that "Deny logon ..." did not include Remote Desktop users.
However, "Add User or
Group" and "Remove" buttons are grayed out, so I cannot add her user
ID explicitly (for testing).
- On the server, I checked Domain Controller Security Settings and in
the "Allow logon locally" added her user id.
- Even when I try to login to her PC (through remote desktop
connection) as domain administrator, I get the same error message.

What else do I need to do to get remote desktop working!?
How can I make those "Add User or Group" and "Remove" buttons
activated on her PC at work? I don't think I need to add her
explicitly, since Remote Desktop Users is listed, but just in case ...

Thanks.


Posted by acchong on April 12, 2007, 2:52 am
Please log in for more thread options
 Try to run rsop.msc on the PC. Verify which GPO had successfully applied the
rights - "Allow logon through Terminal Services" and verify if the affected
user account and domain admin is listed in the defined polify. If the account
is not listed there, you can do either:
- change the setting of GPO to not defined and let the local Remote Desktop
user group to control who can logon use Remote Desktop, or
- change the setting of GPO so that the affected user and domain admin have
this right. This will overwrite whatever local settings configured.

BTW, Domain Controller Security Settings have nothing to do with her PC's
remote desktop access. If you provide her "Allow logon locally" rights in
Domain Controller Security Settings, you are given her the privilege to logon
in front of your domain controller.

--
acchong


"ashkaan57@hotmail.com" wrote:

> Hi,
> one of the users is unable to logon to a PC at work through Remote
> Desktop Connection. It connects, displays the logon screen and when
> she enters her password, it says "The local policy of this system does
> not permit you to logon interactively".
>
> - She is a member of Remote Desktop Users (on top of other groups)
> - When I right click on My Computer / Properties / Remote, the
> checkboxes for Remote Desktop and Remote Assistance are checked. When
> I click "Select Remote Users", her user id is listed under the
> textbox.
> _ She is part of local administrators group.
> - I ran secpol.msc on her PC (at work) and made sure that "Allow logon
> through terminal services" includes Remote Desktop Users. Also made
> sure that "Deny logon ..." did not include Remote Desktop users.
> However, "Add User or
> Group" and "Remove" buttons are grayed out, so I cannot add her user
> ID explicitly (for testing).
> - On the server, I checked Domain Controller Security Settings and in
> the "Allow logon locally" added her user id.
> - Even when I try to login to her PC (through remote desktop
> connection) as domain administrator, I get the same error message.
>
> What else do I need to do to get remote desktop working!?
> How can I make those "Add User or Group" and "Remove" buttons
> activated on her PC at work? I don't think I need to add her
> explicitly, since Remote Desktop Users is listed, but just in case ...
>
> Thanks.
>
>

Similar ThreadsPosted
Remote desktop: cannot logon interactively (please help...) March 28, 2006, 1:01 pm
Permit only one network logon per user August 15, 2007, 11:24 am
OpenRowset : DSN : file-system permissions : Local System March 14, 2008, 10:23 am
Is local system account member of local Administrators group? June 21, 2005, 11:33 am
There is no encryption recovery policy configured for this system September 23, 2007, 12:06 am
Automatic certificate enrollment for local system failed August 3, 2006, 10:22 am
Automatic certificate enrollment for local system failed after upgrading member server to domain controller August 25, 2005, 6:11 pm
Successful Logon to DC local machine September 11, 2006, 12:31 pm
Login Interactively June 23, 2005, 8:20 am
Local Computer Policy? July 15, 2006, 7:54 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap