Logging on locally after RD session

From: Romulo A. Ceccon (me_at_privacy.net)
Date: 10/28/04 

Date: Thu, 28 Oct 2004 10:05:45 -0700

Hi,

I'm experiencing a strange problem in a machine where I have just
installed Windows XP. This machine is part of a domain and the user who
is going to use it is a member of the "Standard Users" (not "Power
users") group on the machine and also a member of the "Domain users"
group on the domain.

In order to avoid wasting time setting up the machine I have enabled
Terminal Services on it as soon as the network got alive, so I could
install and configure all the needed stuff without leaving my room.

Before using Remote Desktop I made a test and the user could properly
perform a local logon. Then I connected through RD from my machine
using the domain admin account. Everything worked. Service Pack 2 and
every software needed was installed remotely. And some reboots were
also done remotely without any problem.

When I asked the user to logon locally and start working he received
the message: "Your interactive logon privilege has been disabled." I
went back to that machine, logged on as the domain admin, openned the
"Local security policies" snap-in and ensured the group "Standard user"
(the group the user belongs to) had local logon privilege. Then I
logged off and tried to logon as that user. It worked even without
rebooting nor changing any security setting.

Afterwards I had to do some other things and logged again as the domain
admin through RD. Thereon the problem was back. Logging in locally as
the domain admin solved it.

Thus, the problem is easily reproduceable. After logging on through RD
using the domain admin account the only way to make the user logon
again is to perform a local logon using also the domain admin account.
What's happening?

I intend to leave TS enabled on that machine in order to solve any
problem remotely. This way, after setting up everything, I just call
the user back and say "It's done!", without moving from my chair. Is
this a known (and fixable) problem or I'll always need to stay in front
of that computer?

Thanks in advance. 

-- 
Romulo A. Ceccon
<id>@yahoo.com.br (replace '<id>' by 'romuloceccon')

Relevant Pages

  • Re: Allowing users to install a plug-in?
    ... You don't have to give them a local logon - log on as a domain admin, ... computer, users and groups, Power Users group properties, add their domain ... if you do allow users to install plug-ins you are ...
    (microsoft.public.windows.server.sbs)
  • Re: Multi-Purpose Domain Controllers
    ... these DC's without giving domain admin access. ... They will need to Install Printers, Manage File Shares, Install ... drivers, logon locally and through RDP, restart services and perhaps install ...
    (microsoft.public.windows.server.active_directory)
  • RE: SMS Deployment of Office 2007: Silent w/o user interaction con
    ... night (much less a week or so to spread out the deployment). ... I get more and more discouraged everyday I use SMS. ... The only solution is to wake the computers or just have them on and install ... logs in,the packages is interrupted by the logon, or it forces a restart but ...
    (microsoft.public.sms.swdist)
  • Re: Applications/programs that require admin rights
    ... Updates to Restricted Groups ("Member of") behavior of user-defined local ... Systems Administrator ... you need to be Domain Admin to install software on a ... or use the runas command to install the app on ...
    (microsoft.public.windows.server.active_directory)
  • Re: Security event id 537
    ... Logon Failure. ... From the detail in the event log, the error code 0x80090308 can translated ... You can get the network monitor from the following link and install ...
    (microsoft.public.windows.server.sbs)
Loading