Terminal Service Logon problem...

Archived from groups: microsoft.public.windowsnt.terminalserver.setup (More info?)

I have a Windows 2000 domain here, and I just installed a Windows Server
2003 member server in the domain too.

Now the problem is that when a user tries to logon(logon to domain) to the
2003 server via terminal service, I got a "The local policy of this system
does not permit you to logon interactively" error message. However, I can't
put all users to the administrator group on the domain cotroller. Is there
any workaround for this?

Thanks a lot.....
3 answers Last reply
More about terminal service logon problem
  1. Archived from groups: microsoft.public.windowsnt.terminalserver.setup (More info?)

    Do the users have the right to logon through Terminal Services?
    Are the users members of the local "Remote Desktop Users" group on
    the 2003 TS?
    This can also occur if you have a licensing problem.
    Anything on the EventLog on the TS?

    --
    Vera Noest
    MCSE, CCEA, Microsoft MVP - Terminal Server
    http://hem.fyristorg.com/vera/IT
    --- please respond in newsgroup, NOT by private email ---

    "felix" <felix(NO-SPAM)@eastop.com> wrote on 20 dec 2004 in
    microsoft.public.windowsnt.terminalserver.setup:

    > I have a Windows 2000 domain here, and I just installed a
    > Windows Server 2003 member server in the domain too.
    >
    > Now the problem is that when a user tries to logon(logon to
    > domain) to the 2003 server via terminal service, I got a "The
    > local policy of this system does not permit you to logon
    > interactively" error message. However, I can't put all users to
    > the administrator group on the domain cotroller. Is there any
    > workaround for this?
    >
    > Thanks a lot.....
  2. Archived from groups: microsoft.public.windowsnt.terminalserver.setup (More info?)

    Thanks for your reply.

    I believe the problem is from permission too. However, since all user
    accounts are in the 2000 DC now(there are no user accounts in the 2003
    member server), there is no Remote Desktop User group I can use.

    I had similar problem before. When a user doesn't have rights to log on via
    Terminal, actually they need a 'log on locally' right defined Domain
    Controller Security Policy. I added users that need to log on via Terminal
    there, and they will be okay. However, this worked for me only when DC and
    Terminal Server are the same machine.

    So is there anything I missed?

    Thanks again.


    "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote in message
    news:Xns95C5ECF1CEF16veranoesthemutforsse@207.46.248.16...
    > Do the users have the right to logon through Terminal Services?
    > Are the users members of the local "Remote Desktop Users" group on
    > the 2003 TS?
    > This can also occur if you have a licensing problem.
    > Anything on the EventLog on the TS?
    >
    > --
    > Vera Noest
    > MCSE, CCEA, Microsoft MVP - Terminal Server
    > http://hem.fyristorg.com/vera/IT
    > --- please respond in newsgroup, NOT by private email ---
    >
    > "felix" <felix(NO-SPAM)@eastop.com> wrote on 20 dec 2004 in
    > microsoft.public.windowsnt.terminalserver.setup:
    >
    >> I have a Windows 2000 domain here, and I just installed a
    >> Windows Server 2003 member server in the domain too.
    >>
    >> Now the problem is that when a user tries to logon(logon to
    >> domain) to the 2003 server via terminal service, I got a "The
    >> local policy of this system does not permit you to logon
    >> interactively" error message. However, I can't put all users to
    >> the administrator group on the domain cotroller. Is there any
    >> workaround for this?
    >>
    >> Thanks a lot.....
  3. Archived from groups: microsoft.public.windowsnt.terminalserver.setup (More info?)

    Felix,

    there sure is a built-in "Remote Desktop Users" group on your 2003
    server. You have to put the domain user accounts in this group.

    The right to "Log On Locally" is a permission that was needed to
    connect to a W2K Terminal Server. For 2003 TS, this user right is
    not necessary anymore.

    --
    Vera Noest
    MCSE, CCEA, Microsoft MVP - Terminal Server
    http://hem.fyristorg.com/vera/IT
    --- please respond in newsgroup, NOT by private email ---

    "felix" <felix(NO-SPAM)@eastop.com> wrote on 21 dec 2004 in
    microsoft.public.windowsnt.terminalserver.setup:

    > Thanks for your reply.
    >
    > I believe the problem is from permission too. However, since all
    > user accounts are in the 2000 DC now(there are no user accounts
    > in the 2003 member server), there is no Remote Desktop User
    > group I can use.
    >
    > I had similar problem before. When a user doesn't have rights to
    > log on via Terminal, actually they need a 'log on locally' right
    > defined Domain Controller Security Policy. I added users that
    > need to log on via Terminal there, and they will be okay.
    > However, this worked for me only when DC and Terminal Server are
    > the same machine.
    >
    > So is there anything I missed?
    >
    > Thanks again.
    >
    >
    >
    > "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote
    > in message
    > news:Xns95C5ECF1CEF16veranoesthemutforsse@207.46.248.16...
    >> Do the users have the right to logon through Terminal Services?
    >> Are the users members of the local "Remote Desktop Users" group
    >> on the 2003 TS?
    >> This can also occur if you have a licensing problem.
    >> Anything on the EventLog on the TS?
    >>
    >> --
    >> Vera Noest
    >> MCSE, CCEA, Microsoft MVP - Terminal Server
    >> http://hem.fyristorg.com/vera/IT
    >> --- please respond in newsgroup, NOT by private email ---
    >>
    >> "felix" <felix(NO-SPAM)@eastop.com> wrote on 20 dec 2004 in
    >> microsoft.public.windowsnt.terminalserver.setup:
    >>
    >>> I have a Windows 2000 domain here, and I just installed a
    >>> Windows Server 2003 member server in the domain too.
    >>>
    >>> Now the problem is that when a user tries to logon(logon to
    >>> domain) to the 2003 server via terminal service, I got a "The
    >>> local policy of this system does not permit you to logon
    >>> interactively" error message. However, I can't put all users
    >>> to the administrator group on the domain cotroller. Is there
    >>> any workaround for this?
    >>>
    >>> Thanks a lot.....
Ask a new question

Read More

Terminal Domain Servers Windows