The local policy does not permit you to logon interactively

Hi all. I am having the weirdest problem. I work in a company that has all our computers on a domain. I think about two years ago I did some registry hack that overrode the Group Policy or Local Policy.

Here is some history:

I am a local administrator on both computers. I have compared all the terminal services local policy line by line on both computers and they are exactly the same.

I ran rsop.msc on both computers and they are exactly the same.

I tried manually adding myself to the remote desktop users on the remote tab of the computer I can't logon and it still doesn't work. The weird thing is that when I check the remote tab it says that my user already has access whether or not im on the list. I never was added any global list of users in GPO.

I checked all the areas that I could think of in the registry for fDenyTSConnections and they are all set to 0. I am totally stumped I have no idea why one computer works with no issue and the other one gives me:

The local policy of this system does not permit you to logon interactively. everytime I try to login through remote desktop. If anyone has any ideas how to fix this it would be greatly appreciated.

ahhgeez is right, we need more info....
Was the remote desktop working and now it doesn't ?
Are the terminals fire walled?
Are you trying to remote within the domain or from outside?
Local administrator gives you only locally rights and only in the computer that you use, not to the domain profiles (i suppose) the computer has. Is that why you did the hack?

Hey all. I have given you all the information that you need.

I have checked all the policies in secpol.msc They are all grayed out anyways I couldn't change them if I wanted too since its on a domain. But to answer your questions Deny login locally is not even configured.

Firewalled? No all the systems on the domain by default have no firewalls on.

If you read my original post I have compared policy line by line and they are the same. I can remote into one of them but the other one I can't and never have been able too.

Yes both computers have RDP enabled.

No im not trying to remote from outside the domain.

Yes I have local admin on both machines and yes I did the hack because I am not a domain admin.

Yes I am trying to use regular windows RDP. By default RDP is not allowed and I some how overroad the global policy. This has to have been done in the registry since local policy changes are corrected every time you re-update the GPO.

I could ask an admin to adjust it for me but this is just for my information. I want to know what I did to override this.

Hope that helps.

I gave that a try and it still gives me the same error. the /admin was not a valid command.

Thanks.

Hi,

I am having the same problem. Were you able to find a fix? I am totally sure it is the Security policy giving the "the local policy of this system does not permit you to logon interactively" error.


Please let me know if you found a fix for this. My email is alberto_zurita@berkeley.edu



-Alberto