I work in a company that has all our computers on a domain. no one of End Users is local admin. I always use remote desktop to access End Users computers,when I log in with my user name its OK but when I try to log in with End-User user name I got this message
The local policy of this system does not permit you to logon interactively.
I do alot of searches and they said I have to add user name to remote access desktop group, which is difficult because I cannot add all users to the remote desktop group.
when the user become a local admin to his machine , then I can access his computer remotely with his user name, and of course I cannot make all users local admins because I have to break the local admin group policy
so please help
More about :local policy system logon interactively
In addition to what Riser suggested, if you are a small to medium size business you also might benefit from the use of Windows Intune. Windows Intune is great for both remote PC management and security in the cloud. In addition to remote access through Microsoft easy assist, endpoint protection and cloud based management, you can also use Windows Intune for the task of quickly deploying software to the registered computers on your network.
More detailed information about Windows Intune and its features it offers, including remote assistance, can be found here.