Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

"Your interactive logon privilege has been disabled"

Status
Not open for further replies.
packdragon

packdragon

IS-IT--Management
Jan 21, 2003
459
US
This is our first installation of Windows Server 2003, so I am new to some of the features that make this one different from 2000. I understand that 2003 comes with most of the security holes closed, so users have to open up holes themselves for particular types of access.

Here's the setup - the 2003 box is on a 2000 domain. I am able to log on remotely if I use the built-in Domain Admins account. I am trying to get it so users from another subnet can log on remotely like they can with all the other servers sitting alongside the 2003 box.

When I attempt to log on through Terminal Services, I get the message, "Your interactive logon privilege has been disabled". Sounds like a permissions issue. Here's what I've tried so far:

1. I added myself to the Remote Desktop Users group.
2. I added myself to the local Administrators group.
3. The trial period of Terminal Services has not expired yet because I am able to use it with the Domain Admin account.
4. Verified that Administrators and Remote Desktop Users are set to "Allow Log On Through Terminal Services" in Local Security Settings.
5. Rebooted the computer after all these changes.

None of this has worked and I have run out of useful documentation. Can anyone point me to any other settings I need to change in order to allow non-Domain Admin users remote access?

- Zoe, that's ZOH-EEE, get it right please
- Just a little ol' MCP at Solien Technology
-
 
Sort by date Sort by votes
Hey!

Maybe you could try setting Remote Desktop Users to "Allow logon locally".

Let me know if this helps.
Gregor


 
Upvote 0 Downvote
The local Administrators group already have that privilege, so if my account is in that group, shouldn't I have that priviledge?

Anyway, so I tried adding Remote Desktop Users to the "Allow logon locally" security setting. Then I did gpupdate in the cmd prompt to make sure the policy was in effect. Logged off remotely as the Domain Admin and attempted remote logon as myself... same result.

There IS such a thing as TOO MUCH SECURITY! Anyone have any other suggestions?

- Zoe, that's ZOH-EEE, get it right please
- Just a little ol' MCP at Solien Technology
-
 
Upvote 0 Downvote
1. On the terminal server, use the Registry Editor to navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server.

2. On the Edit menu, press New and DWORD Value.

3. Set the Value Name to IgnoreRegUserConfigErrors.

4. Right-click the new IgnoreRegUserConfigErrors Value Name and press Modify.

5. Set the data value to 1.

6. Press OK.

7. Exit the Registry Editor.

NOTE: When the IgnoreRegUserConfigErrors Value Name is set to 1, Winlogon ignores errors reading the Terminal Services Configuration data and reads the DefaultUserConfig data instead.

Tell me if this works.
Gregor
 
Upvote 0 Downvote
Actually I found that article too... forgot to mention that in my list of things already tried. Sorry! It doesn't work either. I appreciate your trying though. Any other suggestions?

- Zoe, that's ZOH-EEE, get it right please
- Just a little ol' MCP at Solien Technology
-
 
Upvote 0 Downvote
I have a similar setup, my Win2003 server is joined to my Win 2000 AD domain, but is not running AD. I have added myself to the domain admins group, administrators, domain users and users group (default). I can login remotely as my user (not administrator) using terminal services no problem. I have not made any other changes other then that, that I am aware of.

AM
 
Upvote 0 Downvote
Thanks, but that was the FIRST thing I tried, as I said in my first post.

I'm wondering something though... This is an "evaluation copy" of Windows 2003 and it has that printed in the lower right corner all the time along with the build number. Current patches seem incompatible with it. I wonder if this mutant version of 2003 just doesn't have Terminal Services working correctly?

Anyway, I'm not going to worry about it... we're going to flatten it soon and put a REAL version of 2003 on it. Thanks to all who contributed ideas!

- Zoe, that's ZOH-EEE, get it right please
- Just a little ol' MCP at Solien Technology
-
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

MattM1975
  • Locked
  • Question
Domain Admin Logon 1
Replies
2
Views
341
ADB100
ADB100
Teo En Ming
  • Locked
  • Question
Actions taken during Disaster Recovery for client whose IBM Megaraid controller has failed
Replies
2
Views
627
fightaccording
fightaccording
DrB0b
  • Locked
  • Question
RDWeb server getting hit with odd logon requests....
Replies
1
Views
328
DrB0b
DrB0b
tambrosi
  • Locked
  • Question
The log range read from the file "edb.log" error The read operation will fail with error -
Replies
0
Views
177
tambrosi
tambrosi
Auguy
  • Locked
  • Question
Cannot Run VB.net App as Scheduled Task, Error "0xE0434352"
Replies
5
Views
343
markdmac
markdmac

Part and Inventory Search

Sponsor

Back
Top