Re: The local policy of this system does not permit you to log on interactively
From: Miha Pihler (miha-news_at_atlantis.si)
Date: 07/18/04
- Next message: Jonathan Maltz [MS-MVP]: "Re: Full Crush Dump - 0x000000d1 (0x77f68b33, 0x000000ff, 0x00000000, 0x77f68b33)"
- Previous message: Miha Pihler: "Re: The local policy of this system does not permit you to log on interactively"
- In reply to: Miha Pihler: "Re: The local policy of this system does not permit you to log on interactively"
- Next in thread: Kristofer Gafvert: "Re: The local policy of this system does not permit you to log on interactively"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 19 Jul 2004 00:13:46 +0200
Also try this:
To grant a user these permissions, start either the Active Directory Users
and Computers snap-in or the Local Users And Groups snap-in, open the user's
properties, click the Terminal Services Profile tab, and then click to
select the Allow logon to Terminal Server check box.
Mike
"Miha Pihler" <miha-news@atlantis.si> wrote in message
news:eIdQBORbEHA.808@tk2msftngp13.phx.gbl...
> Make sure that you have done it at the right level. These changes should
be
> done on Domain Controllers OU, not on Domain level or local
configuration --
> it will not work.
>
> You don't have to make any new OUs, just edit Existing Group Policy on
> Existing OU.
>
> Mike
>
> "Oscar" <oku@xs4all.nl> wrote in message
> news:e9%23tLxQbEHA.3944@tk2msftngp13.phx.gbl...
> > Hi Mike,
> >
> > as I said before I had added this account also to the "Allow log on
> through
> > Terminal Services" policy. Still the same message. I've looked in many
> > documentations around this subject 'You don't have access to logon to
> this
> > session' and they all refer to add the user account within the WTS
> > connection configuration and grant it rights, which I did of course.
> >
> > Is it necessary to create a OU to have this working ?
> >
> >
> >
> >
> > "Miha Pihler" <miha-news@atlantis.si> schreef in bericht
> > news:uWSNxUQbEHA.3728@TK2MSFTNGP10.phx.gbl...
> > > Hi,
> > >
> > > Sorry if I missed any new error messages :-).
> > >
> > > I am not sure about this one, but try this. Open again Group Policy
> Editor
> > > the same way you did before (look my previous (last) post). Instead of
> > > "Allow log on locally" look for "Allow log on through Terminal
Services"
> > in
> > > same page (one setting below previous). Again add your account.
> > >
> > > I hope this helps,
> > >
> > > Mike
> > >
> > > "Oscar" <oku@xs4all.nl> wrote in message
> > > news:%23a2BDJQbEHA.3204@TK2MSFTNGP09.phx.gbl...
> > > > Hi Mike,
> > > >
> > > > thanks, this was very clear to me. As I mentioned, the former
message
> > > > disappeared, however another one :
> > > >
> > > > 'You don't have access to logon to this session'
> > > >
> > > > appears now. I've started the WTS configuration and added the user
to
> > the
> > > > list within the permissions TAB of the connection and granted user
> > access
> > > > and full acces, however the message doesn't disappear. Any
suggestions
> ?
> > > > if important : the server is configured as a domain controller.
> > > >
> > > > Oscar
> > > >
> > > >
> > > >
> > > > "Miha Pihler" <miha-news@atlantis.si> schreef in bericht
> > > > news:uq4PjzPbEHA.3996@TK2MSFTNGP12.phx.gbl...
> > > > > Hi,
> > > > >
> > > > > open Active Directory Users and Computers MMC. Right click on
Domain
> > > > > Controllers OU and select Properties. Click on Group Policy tab.
> > Select
> > > > > "Default Domain Controllers Policy" and click Edit. Once Editor is
> > > loaded,
> > > > > under Computer Configuration expand Windows Settings > Security
> > Settings
> > > >
> > > > > Local Policies > User Rights Assignment > here look for policy
> "Allow
> > > > Logon
> > > > > Locally" and double click on it. Click Add and look for your
> username
> > > and
> > > > > add it. When you are done
> > > > > close all windows by click e.g. OK...
> > > > >
> > > > > I hope this helps,
> > > > >
> > > > > Mike
> > > > >
> > > > > "Oscar" <oku@xs4all.nl> wrote in message
> > > > > news:%23RMW5cPbEHA.3512@TK2MSFTNGP12.phx.gbl...
> > > > > > Mike,
> > > > > >
> > > > > > Can you please explain a little bit more details because I could
> not
> > > > find
> > > > > > Computer Configuration > Windows settings (are you using 2003
> > Server
> > > ?)
> > > > > >
> > > > > > Could this be the location :
> > > > > >
> > > > > > Start > Programs > Administrative tools > Domain Security Policy
>
> > > Local
> > > > > > Policies > User Right Assignment
> > > > > > there I found the "Allow Logon Locally" policy as well as the
> policy
> > > > > "Allow
> > > > > > Logon Locally on Windows Terminal Server"
> > > > > >
> > > > > > there was only a checkmark to click (hence no double click) and
I
> > > added
> > > > > the
> > > > > > username by typing it (no possibility to look for the username
as
> > you
> > > > > > mentioned)
> > > > > >
> > > > > > I am not sure whether I did the good thing since it is not the
way
> > you
> > > > > > described to find the policy.
> > > > > >
> > > > > > Anyway, the user is now able to log on, the message is not
> > displayed,
> > > > > > however another message appears now : 'You don't have access to
> > logon
> > > to
> > > > > > this session'
> > > > > >
> > > > > > Any suggestion what to do ?
> > > > > >
> > > > > > Oscar
> > > > > >
> > > > > >
> > > > > >
> > > > > > "Miha Pihler" <miha-news@atlantis.si> schreef in bericht
> > > > > > news:Og%23i8eObEHA.3512@TK2MSFTNGP12.phx.gbl...
> > > > > > > Hi Oscar,
> > > > > > >
> > > > > > > open Default Domain Controllers Policy for Editing and expand
> > > Computer
> > > > > > > Configuration > Windows Settings > Security Settings > User
> Rights
> > > > > > > Assignment > here look for policy "Allow Logon Locally" and
> double
> > > > click
> > > > > > on
> > > > > > > it. Click Add and look for your username and add it. When you
> are
> > > done
> > > > > > close
> > > > > > > all windows by click e.g. OK...
> > > > > > >
> > > > > > > This policy is to protect your domain controllers from any
> > ordinary
> > > > > domain
> > > > > > > user logging on to domain controller. Like you noticed it is
> only
> > > set
> > > > > once
> > > > > > > server is promoted to DC.
> > > > > > > uitzkr
> > > > > > > I hope this helps,
> > > > > > >
> > > > > > > Mike
> > > > > > >
> > > > > > > "Oscar" <oku@xs4all.nl> wrote in message
> > > > > > > news:eBHjhTObEHA.2408@tk2msftngp13.phx.gbl...
> > > > > > > > I've right set up the Active Directory of Windows Server
2003.
> > > > Without
> > > > > > > > configuring anything at the moment I've tried to connect to
> > > Windows
> > > > > > > Terminal
> > > > > > > > Server. While this has worked all the time before the AD was
> > > > > configured,
> > > > > > > > right at the log in, the DNS now reports : 'The local policy
> of
> > > this
> > > > > > > system
> > > > > > > > does not permit you to log on interactively'. How can I
> > configure
> > > > this
> > > > > > for
> > > > > > > a
> > > > > > > > user to enable interactively log in ?
> > > > > > > >
> > > > > > > > Oscar
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
- Next message: Jonathan Maltz [MS-MVP]: "Re: Full Crush Dump - 0x000000d1 (0x77f68b33, 0x000000ff, 0x00000000, 0x77f68b33)"
- Previous message: Miha Pihler: "Re: The local policy of this system does not permit you to log on interactively"
- In reply to: Miha Pihler: "Re: The local policy of this system does not permit you to log on interactively"
- Next in thread: Kristofer Gafvert: "Re: The local policy of this system does not permit you to log on interactively"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
