Re: The local policy of this system doesn't allow you to logon int

From: Troubled in Tucson (Tucson_at_discussions.microsoft.com)
Date: 08/13/04


Date: Fri, 13 Aug 2004 09:57:04 -0700

Bill and others,

I have encountered a similar situation to the one listed below, but I have
not found a complete solution.

I upgraded two machines from Windows 2000 to Windows XP. Afterwards, Remote
Desktop did not function on either computer. We received the message, "The
local policy of this system does not permit you to logon interactively", when
logging on remotely.

Upon further inspection, and perusing the newsgroups, I found that the
policy setting, "Allow logon through Terminal Services", was blank on both
computers. "A ha!", I thought and I entered "Administrators" (local) and
"Remote Desktop Users" to that policy entry, as they should have been by
default. After a quick reboot, I found that only users in the "Remote
Desktop Users" group could access the machine remotely, while users in the
"Administrators" group received the same old message. Going back to the
"Allow logon through Terminal Services" policy entry, showed that only
"Remote Desktop Users" was still listed. Re-adding "Administrators" and then
closing and re-opening the policy editor (I went in through "Local Security
Policy" under Administrative Tools) showed the "Administrators" group missing
again. Apparently an overriding setting somewhere?

In attempting to further troubleshoot the issue, I was using "Computer
Management" to remotely manage these two computers. I found that I could not
view anything on "Event Viewer" or "Device Manager" and received the message,
"Unable to connect to the computer "xxx". The error was: Access is denied."
I should note that we are on an AD domain, I am a Domain Admin, and I can do
this to other computers (2K or XP).

Lastly, someone on the newsgroups mentioned problems editing the registry
remotely so I thought I would give that a try. Again, I can load the
registry from any other computer (using Connect network registry...) in the
registry editor on my computer, except these two. When I try to open HKLM I
receive the message, "Cannot open HKEY_LOCAL_MACHINE: Error while opening the
key"

I have been researching this issue for several weeks now. Microsoft has not
really addressed the bigger issue, that I can find. Sure they have an
article about Remote Desktop, but it doesn't even mention the "Allow logon
through Terminal Services" policy key. This is a specific, and frequently if
not always reproducible issue, with upgraded Windows XP machines, either when
trying to use Remote Desktop or remote Computer Management/Registry editing.
What could be preventing all of these Administrator related functions? If
anyone has any ideas, I'm all ears.

Thanks,
Tom

"Bill Sanderson" wrote:

> Yep. In a number of 2kPro upgrade situations, there's a policy setting that
> gives rise to this error.
>
> I think this is what I am trying to find:
> ----------------------------
> Start->Run, "gpedit.msc"
> Expand Computer Configuration->Windows Settings->Security
> Settings->Local Policies->User Rights Assignment.
>
> On the right side of the snap-in, find "Allow logon
> through Terminal Services".
>
> Remove everything that's there, then Add User or Group,
> and input the account you want to have access.
>
> No reboots required, the policy will affect all
> subsequent Remote Desktop logons. Those accounts not
> allowed via this policy to connect will get back an error
> stating "The local policy of this system does not permit
> you to log on interactively"
>
> Just remember to add at least one account if you want any
> remote desktop access at all...
> --------------------------------
> Courtesy of David Jones.
>
> See if that one is the issue, if not, look in that neighborhood, I think.
>
>
> "Scott Hart" <anonymous@discussions.microsoft.com> wrote in message
> news:5F84A84F-3736-4CB4-A03D-7910E9372932@microsoft.com...
> >I am trying to connect to an XP pro box and get this message: The local
> >policy of this system doesn't allow you to logon interactively.
> >
> > I have verified that the users have been added to the Remote Desktop Users
> > list. I checked the Group Policy and added the two users to LOG ON
> > LOCALLY.
> >
> > This computer was upgraded from Win2K pro.
> >
> > Am I missing anything?
> >
> > Scott
>
>
>
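
Added example (not part of the original posts): one way to see which accounts the machine actually has stored for "Allow logon through Terminal Services", independent of what the policy editor shows, is to export the user rights with `secedit /export /cfg rights.inf /areas USER_RIGHTS` and read the `[Privilege Rights]` section. The sketch below parses such an export and reports on the two groups named in the thread; the file name, the helper names and the sample export are constructed for illustration.

```python
# Well-known SIDs of the two local groups discussed in the thread.
WELL_KNOWN = {"S-1-5-32-544": "Administrators",
              "S-1-5-32-555": "Remote Desktop Users"}
ALLOW = "SeRemoteInteractiveLogonRight"      # "Allow logon through Terminal Services"
DENY = "SeDenyRemoteInteractiveLogonRight"   # "Deny logon through Terminal Services"

# Constructed sample of a secedit export (real exports are typically UTF-16,
# so read the file with encoding="utf-16" before passing the text in).
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545
SeRemoteInteractiveLogonRight = *S-1-5-32-555
[Version]
signature="$CHICAGO$"
Revision=1
"""

def parse_user_rights(inf_text):
    """Return {right: [principal, ...]} from the [Privilege Rights] section."""
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Privilege Rights" and "=" in line:
            right, _, value = line.partition("=")
            # Entries are comma-separated; SIDs carry a leading "*".
            members = [m.strip().lstrip("*") for m in value.split(",") if m.strip()]
            rights[right.strip()] = [WELL_KNOWN.get(m, m) for m in members]
    return rights

def rdp_logon_findings(inf_text):
    """Return (allowed, denied, findings) for Terminal Services logon."""
    rights = parse_user_rights(inf_text)
    allowed, denied = rights.get(ALLOW, []), rights.get(DENY, [])
    findings = []
    if not allowed:
        findings.append("allow right is empty: no account can log on through Terminal Services")
    for group in WELL_KNOWN.values():
        if group in denied:
            findings.append(f"{group} is listed in the deny right")
        elif allowed and group not in allowed:
            findings.append(f"{group} is missing from the allow right")
    return allowed, denied, findings

if __name__ == "__main__":
    print(rdp_logon_findings(SAMPLE_EXPORT))
```

Running the export again after editing the policy and comparing the two results shows whether a change was kept or reverted.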


