Re: The local policy of this machine does not allow you to logon interactively
From: Vera Noest [MVP] (vera.noest_at_remove-this.hem.utfors.se)
Date: 06/06/04
- Next message: Adam Wilkinson: "Re: Level of TS Server and TS Client isolation"
- Previous message: Vera Noest [MVP]: "RE: GPO half applied"
- In reply to: Mike Silverman: "Re: The local policy of this machine does not allow you to logon interactively"
- Next in thread: Lanwench [MVP - Exchange]: "Re: The local policy of this machine does not allow you to logon interactively"
- Messages sorted by: [ date ] [ thread ]
Date: Sun, 06 Jun 2004 15:26:03 -0700
A few comments:
* Dave runs SBS 2000, not 2003
* The right to logon locally can be given to *any* user or user
group, you don't have to be a member of the Administrators group
(but the Administrators group has this right by default).
* He has already given Everyone the right to logon locally
* SBS 2003 does not support Terminal Services (in Application
mode)
* Windows 2003 TS does *not* require the right to log on locally
(this has changed since W2K TS). Unless it runs on a Domain
Controller, of course, which it shouldn't).
Dave, you write that you have modified the Domain Group policy,
but you have to modify the Default Domain Controller Group policy.
--
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
http://hem.fyristorg.com/vera/IT
--- please respond in newsgroup, NOT by private email ---
Mike Silverman <Noah.Body@nowhere.ca> wrote in
news:#vaef4ATEHA.1244@TK2MSFTNGP10.phx.gbl:
> Dave,
>
> When you have a Windows 2003 server (be it SBS or member
> server), and you install terminal services, in order for users
> to connect, they must be able to log on locally. This is
> granted through the 'allow logon locally' right. In SBS,
> because it is automatically a DC, in order for users to log on
> locally to a DC, they must be a member of the administrators
> group. There's no other way around it.
>
> Mike.
>
> dave wrote:
>
>> I fogot to add...all users also have rights to RDP-TCP.
>>
>> dave wrote:
>>
>>
>>>I am having trouble with our Windows 2000 SBS install. First of
>>>all, when we promoted this server to a domain controller (it is
>>>the only server in our domain), all the users were for some
>>>reason added to the domain admins group. This is a problem
>>>because now we are having problems with users shutting down the
>>>server because they are now able to see the "Shut Down" option
>>>instead of just the "Log off..." and "Disconnect" options. I am
>>>removing users from the domain admins group now, but when the
>>>users are removed, they can no longer get into Terminal
>>>Services. The get the message: "the local policy of this
>>>machine does not allow you to logon interactively"
>>>I checked the Domain Group policy and added the everyone group
>>>"access this computer from the network" and "log on locally"
>>>rights. I looked at the Local Computer Policy for the server
>>>and noone is denied access. What is the deal?
- Next message: Adam Wilkinson: "Re: Level of TS Server and TS Client isolation"
- Previous message: Vera Noest [MVP]: "RE: GPO half applied"
- In reply to: Mike Silverman: "Re: The local policy of this machine does not allow you to logon interactively"
- Next in thread: Lanwench [MVP - Exchange]: "Re: The local policy of this machine does not allow you to logon interactively"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
