Windows 2000 Server Logon Problem

Archived from groups: microsoft.public.win2000.setup (More info?)

I have setup a Windows 2000 Server that I intend to
eventually load Terminal Services on to. I have joined
the domain and can logon both locally and onto the network.
as long as it's as an Administrator.

The problem I'm having is that I can not add a user and
have them logon with anything less then Administrator
Rights. If I do, I get a message that says,

"The Local Policy of this system does not permit you to
logon interactively".

If I set the user as an Administrator, they can logon
without any problem... But I can't allow that.

I have searched the local policy settings and haven't been
able to locate the correct setting. Please point me in the
right direction.

Thank you,
Jim
6 answers Last reply
More about windows 2000 server logon problem
  1. Archived from groups: microsoft.public.win2000.setup (More info?)

    Jim

    I assume you have promoted this Win2k server to a domain
    controller.

    On the server, logon with administrative rights
    Point Start-Programs-Admin Tools-Domain Controller
    Security Policy.
    Expand Local Policies-User Rights Assignments.
    In the right pane scroll to Log on Locally, right click
    and choose security. Here you can add users or groups with
    permission to log on to the DC.

    Hope this helps
    Paul
    >-----Original Message-----
    >I have setup a Windows 2000 Server that I intend to
    >eventually load Terminal Services on to. I have joined
    >the domain and can logon both locally and onto the
    network.
    >as long as it's as an Administrator.
    >
    >The problem I'm having is that I can not add a user and
    >have them logon with anything less then Administrator
    >Rights. If I do, I get a message that says,
    >
    >"The Local Policy of this system does not permit you to
    >logon interactively".
    >
    >If I set the user as an Administrator, they can logon
    >without any problem... But I can't allow that.
    >
    >I have searched the local policy settings and haven't
    been
    >able to locate the correct setting. Please point me in
    the
    >right direction.
    >
    >Thank you,
    >Jim
    >
    >.
    >
  2. Archived from groups: microsoft.public.win2000.setup (More info?)

    As to whether or not the server was promoted to a domain
    controller, I "think" it was, but to be honest I'm not
    sure. How can that be proven one way or the other?

    >-----Original Message-----
    >Jim
    >
    >I assume you have promoted this Win2k server to a domain
    >controller.
    >
    >On the server, logon with administrative rights
    >Point Start-Programs-Admin Tools-Domain Controller
    >Security Policy.
    >Expand Local Policies-User Rights Assignments.
    >In the right pane scroll to Log on Locally, right click
    >and choose security. Here you can add users or groups
    with
    >permission to log on to the DC.
    >
    >Hope this helps
    >Paul
    >>-----Original Message-----
    >>I have setup a Windows 2000 Server that I intend to
    >>eventually load Terminal Services on to. I have joined
    >>the domain and can logon both locally and onto the
    >network.
    >>as long as it's as an Administrator.
    >>
    >>The problem I'm having is that I can not add a user and
    >>have them logon with anything less then Administrator
    >>Rights. If I do, I get a message that says,
    >>
    >>"The Local Policy of this system does not permit you to
    >>logon interactively".
    >>
    >>If I set the user as an Administrator, they can logon
    >>without any problem... But I can't allow that.
    >>
    >>I have searched the local policy settings and haven't
    >been
    >>able to locate the correct setting. Please point me in
    >the
    >>right direction.
    >>
    >>Thank you,
    >>Jim
    >>
    >>.
    >>
    >.
    >
  3. Archived from groups: microsoft.public.win2000.setup (More info?)

    Jim
    If you can follow my previous instructions, then the
    machine is a domain controller.
    Another way to check is: When you logon, do you have the
    choice of logging on to the local machine? (%computername%
    (This Computer) in the bottom drop down box)
    Regards
    Paul
    >-----Original Message-----
    >As to whether or not the server was promoted to a domain
    >controller, I "think" it was, but to be honest I'm not
    >sure. How can that be proven one way or the other?
    >
    >>-----Original Message-----
    >>Jim
    >>
    >>I assume you have promoted this Win2k server to a domain
    >>controller.
    >>
    >>On the server, logon with administrative rights
    >>Point Start-Programs-Admin Tools-Domain Controller
    >>Security Policy.
    >>Expand Local Policies-User Rights Assignments.
    >>In the right pane scroll to Log on Locally, right click
    >>and choose security. Here you can add users or groups
    >with
    >>permission to log on to the DC.
    >>
    >>Hope this helps
    >>Paul
    >>>-----Original Message-----
    >>>I have setup a Windows 2000 Server that I intend to
    >>>eventually load Terminal Services on to. I have joined
    >>>the domain and can logon both locally and onto the
    >>network.
    >>>as long as it's as an Administrator.
    >>>
    >>>The problem I'm having is that I can not add a user and
    >>>have them logon with anything less then Administrator
    >>>Rights. If I do, I get a message that says,
    >>>
    >>>"The Local Policy of this system does not permit you to
    >>>logon interactively".
    >>>
    >>>If I set the user as an Administrator, they can logon
    >>>without any problem... But I can't allow that.
    >>>
    >>>I have searched the local policy settings and haven't
    >>been
    >>>able to locate the correct setting. Please point me in
    >>the
    >>>right direction.
    >>>
    >>>Thank you,
    >>>Jim
    >>>
    >>>.
    >>>
    >>.
    >>
    >.
    >
  4. Archived from groups: microsoft.public.win2000.setup (More info?)

    Paul,

    Yes I can do these steps and I can choose whether to log
    on locally or to the domain. I added users to the local
    security list. Unfortunately for whatever reason they
    still can't log on unless I give them "Administrator
    Rights".

    Jim

    >-----Original Message-----
    >Jim
    >If you can follow my previous instructions, then the
    >machine is a domain controller.
    >Another way to check is: When you logon, do you have the
    >choice of logging on to the local machine? (%
    computername%
    >(This Computer) in the bottom drop down box)
    >Regards
    >Paul
    >>-----Original Message-----
    >>As to whether or not the server was promoted to a domain
    >>controller, I "think" it was, but to be honest I'm not
    >>sure. How can that be proven one way or the other?
    >>
    >>>-----Original Message-----
    >>>Jim
    >>>
    >>>I assume you have promoted this Win2k server to a
    domain
    >>>controller.
    >>>
    >>>On the server, logon with administrative rights
    >>>Point Start-Programs-Admin Tools-Domain Controller
    >>>Security Policy.
    >>>Expand Local Policies-User Rights Assignments.
    >>>In the right pane scroll to Log on Locally, right click
    >>>and choose security. Here you can add users or groups
    >>with
    >>>permission to log on to the DC.
    >>>
    >>>Hope this helps
    >>>Paul
    >>>>-----Original Message-----
    >>>>I have setup a Windows 2000 Server that I intend to
    >>>>eventually load Terminal Services on to. I have
    joined
    >>>>the domain and can logon both locally and onto the
    >>>network.
    >>>>as long as it's as an Administrator.
    >>>>
    >>>>The problem I'm having is that I can not add a user
    and
    >>>>have them logon with anything less then Administrator
    >>>>Rights. If I do, I get a message that says,
    >>>>
    >>>>"The Local Policy of this system does not permit you
    to
    >>>>logon interactively".
    >>>>
    >>>>If I set the user as an Administrator, they can logon
    >>>>without any problem... But I can't allow that.
    >>>>
    >>>>I have searched the local policy settings and haven't
    >>>been
    >>>>able to locate the correct setting. Please point me in
    >>>the
    >>>>right direction.
    >>>>
    >>>>Thank you,
    >>>>Jim
    >>>>
    >>>>.
    >>>>
    >>>.
    >>>
    >>.
    >>
    >.
    >
  5. Archived from groups: microsoft.public.win2000.setup (More info?)

    Jim

    >Yes I can do these steps and I can choose whether to log
    >on locally or to the domain.

    This machine is not a domain controller. When logging on
    to a domain controller the option to logon to the local
    machine is not available.

    >I added users to the local
    >security list. Unfortunately for whatever reason they
    >still can't log on unless I give them "Administrator
    >Rights".

    By default, members of the users group, either local or
    domain, cannot loggon to server machines.

    To resolve this, create a group in Active Directory ie
    Terminal Services User Group, add any domain user accounts
    who wishes to use the terminal server to this group.

    Next, right click the domain name in Active Directory ie
    yourdomain.com, choose properties - group policy - edit -
    computer configuration - windows settings - security
    settings - local policies - user rights assignments.
    Scroll down to "log on locally" and add your Terminal
    Services User Group.

    When the domain users wishes to loggon to the terminal
    server, ensure they loggon to the domain on the server,
    not the local machine. Note: the terminal server may need
    to be rebooted in order to pick up the new domain policy.

    Regards
    Paul Basham
    MCP
  6. Archived from groups: microsoft.public.win2000.setup (More info?)

    Paul,

    I hope you see this reply... It has been awhile since I
    posted. I finally solved the problem due in large effect
    to your help. I finally brought the computer back to
    square one by loading an image that I created when I
    originally set the server up.

    As soon as I was back to the start point, terminal
    services installed perfectly and works like it is suppose
    too. Apparently a registry key did not set correctly when
    I originally started or something, because I redid
    everything exactly as I had previously done, except this
    time it worked. Thank goodness that I made an image
    and thank you sir for your input!

    Jim

    >-----Original Message-----
    >Jim
    >
    >>Yes I can do these steps and I can choose whether to log
    >>on locally or to the domain.
    >
    >This machine is not a domain controller. When logging on
    >to a domain controller the option to logon to the local
    >machine is not available.
    >
    >>I added users to the local
    >>security list. Unfortunately for whatever reason they
    >>still can't log on unless I give them "Administrator
    >>Rights".
    >
    >By default, members of the users group, either local or
    >domain, cannot loggon to server machines.
    >
    >To resolve this, create a group in Active Directory ie
    >Terminal Services User Group, add any domain user
    accounts
    >who wishes to use the terminal server to this group.
    >
    >Next, right click the domain name in Active Directory ie
    >yourdomain.com, choose properties - group policy - edit -
    >computer configuration - windows settings - security
    >settings - local policies - user rights assignments.
    >Scroll down to "log on locally" and add your Terminal
    >Services User Group.
    >
    >When the domain users wishes to loggon to the terminal
    >server, ensure they loggon to the domain on the server,
    >not the local machine. Note: the terminal server may need
    >to be rebooted in order to pick up the new domain policy.
    >
    >Regards
    >Paul Basham
    >MCP
    >
    >.
    >
Ask a new question

Read More

Windows 2000 Servers Windows