Win Server 2003: The local policy of this system does not permit you to logon interac

[dexta182]

Hey all,
I am having this issue trying to TS into my server and I get this message: The local policy of this system does not permit you to logon interactively.

I have seached google and everyone says to edit the log on locally policy, which I have done under Default Domain Controller policy. I added admins to the remote desktop users group, I have tried logging on as a user. Same thing. I dont know if their is any other GP to look at. I have checked the denied log on locally as well but thats clear.

Any suggestions?

 

[Win2kpatcher]

Who are you trying to logon as? Is this happening only with TS or at the server as well?

 

[dexta182]

When I use Remote Desktop connecting to the server I can log on as Admin, but when logging on as a user I cant. I have added the user in the RDC group as well as adding the users group. But same thing.

 

[TheHeadFL]

look in domain controller security policy

look for the policy that says "allow user to logon interactively" and add your RDC group there.

 

[dexta182]

I dont think their is a policy that says that. I have added thr Remote desktop user group to "allow logon local" and "allow logon through TS" under Local policy-user rights assignment.

 

[TheHeadFL]

look in domain security policy then.

there is one in there somewhere. I had this problem a few years back on Win2K. Its always a problem with permissions and such.

Theres several permissions... you need to add them to the actual RDP connection in terminal services manager as well as added to the domain/domain controller security policy.

By default, regular user accounts cannot log on interactively to a domain controller, only domain admins.

Keep rooting around, its a policy in there somewhere.

 

[dexta182]

i have looked but nothing. Windows 2000 is diff to 2003 as remote desktop is newer and the policys are set diff. In windows 2000 you needed to add the user into allow logon local, but in 2003 all you should need to do it add it into the allow login through TS. This is what i have learned. Theroy is all ways easier then pracitical. It sucks. you think yeh thats straight foward but nope.