Re: The local policy of this system does not permit you to log on interactively

From: Miha Pihler (miha-news_at_atlantis.si)
Date: 07/18/04 

Date: Mon, 19 Jul 2004 00:06:30 +0200

Make sure that you have done it at the right level. These changes should be
done on Domain Controllers OU, not on Domain level or local configuration --
it will not work.

You don't have to make any new OUs, just edit Existing Group Policy on
Existing OU.

Mike

"Oscar" <oku@xs4all.nl> wrote in message
news:e9%23tLxQbEHA.3944@tk2msftngp13.phx.gbl...
> Hi Mike,
>
> as I said before I had added this account also to the "Allow log on
through
> Terminal Services" policy. Still the same message. I've looked in many
> documentations around this subject 'You don't have access to logon to
this
> session' and they all refer to add the user account within the WTS
> connection configuration and grant it rights, which I did of course.
>
> Is it necessary to create a OU to have this working ?
>
>
>
>
> "Miha Pihler" <miha-news@atlantis.si> schreef in bericht
> news:uWSNxUQbEHA.3728@TK2MSFTNGP10.phx.gbl...
> > Hi,
> >
> > Sorry if I missed any new error messages :-).
> >
> > I am not sure about this one, but try this. Open again Group Policy
Editor
> > the same way you did before (look my previous (last) post). Instead of
> > "Allow log on locally" look for "Allow log on through Terminal Services"
> in
> > same page (one setting below previous). Again add your account.
> >
> > I hope this helps,
> >
> > Mike
> >
> > "Oscar" <oku@xs4all.nl> wrote in message
> > news:%23a2BDJQbEHA.3204@TK2MSFTNGP09.phx.gbl...
> > > Hi Mike,
> > >
> > > thanks, this was very clear to me. As I mentioned, the former message
> > > disappeared, however another one :
> > >
> > > 'You don't have access to logon to this session'
> > >
> > > appears now. I've started the WTS configuration and added the user to
> the
> > > list within the permissions TAB of the connection and granted user
> access
> > > and full acces, however the message doesn't disappear. Any suggestions
?
> > > if important : the server is configured as a domain controller.
> > >
> > > Oscar
> > >
> > >
> > >
> > > "Miha Pihler" <miha-news@atlantis.si> schreef in bericht
> > > news:uq4PjzPbEHA.3996@TK2MSFTNGP12.phx.gbl...
> > > > Hi,
> > > >
> > > > open Active Directory Users and Computers MMC. Right click on Domain
> > > > Controllers OU and select Properties. Click on Group Policy tab.
> Select
> > > > "Default Domain Controllers Policy" and click Edit. Once Editor is
> > loaded,
> > > > under Computer Configuration expand Windows Settings > Security
> Settings
> > >
> > > > Local Policies > User Rights Assignment > here look for policy
"Allow
> > > Logon
> > > > Locally" and double click on it. Click Add and look for your
username
> > and
> > > > add it. When you are done
> > > > close all windows by click e.g. OK...
> > > >
> > > > I hope this helps,
> > > >
> > > > Mike
> > > >
> > > > "Oscar" <oku@xs4all.nl> wrote in message
> > > > news:%23RMW5cPbEHA.3512@TK2MSFTNGP12.phx.gbl...
> > > > > Mike,
> > > > >
> > > > > Can you please explain a little bit more details because I could
not
> > > find
> > > > > Computer Configuration > Windows settings (are you using 2003
> Server
> > ?)
> > > > >
> > > > > Could this be the location :
> > > > >
> > > > > Start > Programs > Administrative tools > Domain Security Policy >
> > Local
> > > > > Policies > User Right Assignment
> > > > > there I found the "Allow Logon Locally" policy as well as the
policy
> > > > "Allow
> > > > > Logon Locally on Windows Terminal Server"
> > > > >
> > > > > there was only a checkmark to click (hence no double click) and I
> > added
> > > > the
> > > > > username by typing it (no possibility to look for the username as
> you
> > > > > mentioned)
> > > > >
> > > > > I am not sure whether I did the good thing since it is not the way
> you
> > > > > described to find the policy.
> > > > >
> > > > > Anyway, the user is now able to log on, the message is not
> displayed,
> > > > > however another message appears now : 'You don't have access to
> logon
> > to
> > > > > this session'
> > > > >
> > > > > Any suggestion what to do ?
> > > > >
> > > > > Oscar
> > > > >
> > > > >
> > > > >
> > > > > "Miha Pihler" <miha-news@atlantis.si> schreef in bericht
> > > > > news:Og%23i8eObEHA.3512@TK2MSFTNGP12.phx.gbl...
> > > > > > Hi Oscar,
> > > > > >
> > > > > > open Default Domain Controllers Policy for Editing and expand
> > Computer
> > > > > > Configuration > Windows Settings > Security Settings > User
Rights
> > > > > > Assignment > here look for policy "Allow Logon Locally" and
double
> > > click
> > > > > on
> > > > > > it. Click Add and look for your username and add it. When you
are
> > done
> > > > > close
> > > > > > all windows by click e.g. OK...
> > > > > >
> > > > > > This policy is to protect your domain controllers from any
> ordinary
> > > > domain
> > > > > > user logging on to domain controller. Like you noticed it is
only
> > set
> > > > once
> > > > > > server is promoted to DC.
> > > > > > uitzkr
> > > > > > I hope this helps,
> > > > > >
> > > > > > Mike
> > > > > >
> > > > > > "Oscar" <oku@xs4all.nl> wrote in message
> > > > > > news:eBHjhTObEHA.2408@tk2msftngp13.phx.gbl...
> > > > > > > I've right set up the Active Directory of Windows Server 2003.
> > > Without
> > > > > > > configuring anything at the moment I've tried to connect to
> > Windows
> > > > > > Terminal
> > > > > > > Server. While this has worked all the time before the AD was
> > > > configured,
> > > > > > > right at the log in, the DNS now reports : 'The local policy
of
> > this
> > > > > > system
> > > > > > > does not permit you to log on interactively'. How can I
> configure
> > > this
> > > > > for
> > > > > > a
> > > > > > > user to enable interactively log in ?
> > > > > > >
> > > > > > > Oscar
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: After enabling GPO, client pc needs synchronization
    ... correct DNS configuration. ... Server 2003 domain controllers dynamically register information about ... As far as Group Policy troubleshooting you can use rsop.msc on the client ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Group Policy Delegation of Control
    ... I mean is there in general any impact on domain controllers if group policy ... nothing to do with servers, except some servers related to desktop ... to link GPOs on OUs that contain machines managed by Desktop Team ...
    (microsoft.public.windows.group_policy)
  • Re: Group Policy Delegation of Control
    ... infrastructure, servers, licenses. ... Regarding growth in GPOs: why not to Monitor the growth of GPOs ... downloading the GPO contents and Domain Controllers ... What about utilizing Group Policy for Software Installations, ...
    (microsoft.public.windows.group_policy)
  • Possible Bad Question
    ... Group Policy MMC snap-in on JennyW2KP and configure the account lockout ... lockout Jennifer's Domain Account after two bad logon attempts. ... 2000 Network because the Local Group Policy and Default Domain Controllers ...
    (microsoft.public.cert.exam.mcsa)
  • Possible Bad Question
    ... Group Policy MMC snap-in on JennyW2KP and configure the account lockout ... lockout Jennifer's Domain Account after two bad logon attempts. ... 2000 Network because the Local Group Policy and Default Domain Controllers ...
    (microsoft.public.cert.exam.mcse)