Windows XP Pro Remote Desktop, unable to log on. 1

[theeepster]

I am trying to set up a department to use Remote Desktop for a PC they all need to access. It was loaded with Win 2000 Pro, previously, and they didn't want a complete rebuild, so we upgraded it to Win XP Pro. Now, when trying to open a connection they get the screen to log on, and can enter their user id and pwd, but get the message: "The local policy of this system does not allow you to logon interactively". I did double check to make sure that "Allow users to remotely connect to this computer" is checked. I have tried the solution on microsoft.com--making sure that all in the department are admins on the PC. I have also added all domain users to the Select Remote Users section of the remote tab in System Properties. Additionally, I have searched for a policy in gpedit.mcs, and through Local Ssecurity Policies. I found one-- Allow logon through Terminal Services -- and added the department there as well. Does anyone have any input into this one?

 

[Dollar]

Add the User to the local group "Remote Desktop Users". I assume you have already enabled everything else i.e. Remote connections in System Properties etc.

My Computer/Manage
Local Users and Groups
Groups - Remote Desktop Users

Add each individual user account in there, or a domain group which the users are already members of.

 

[theeepster]

Thanks Dollar, but I have already tried that option as well. First I added all domain users, then I added a single user from the department for testing, with the same results.

 

[Dollar]

I have but two other possibles, then I'm out of suggestions - sry!

Start/Run - mmc
File - Add/Remove Snap-in and select "Security Templates"

All of XP security is kept in here...

I don't know which policies (if any) you have applied to your PC's in the company, but the two values I would look at are:
1. Access this computer from the network (generally in "/Setup Security/Local Policies/User rights assignments/..."
2. "/Setup Security/Local Policies/System Services/Remote Access Auto conn manager & remote access manager & remote desktop help session manager"

The above may be configured and require modification. Also, you will find some useful keys to do with Terminal Services (which apply to RD as well) in:
"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server"

Hope something here helps - I'm out of ideas on this one.

Good luck.

 

[theeepster]

Thanks, again, Dollar. Unfortunately, those solutions had no positive results. And, noe the department head is telling me this isn't as big an issue, using Remote Desktop, as they thought it would be. Looks like we will have to completely rebuild the PC, waxing the upgrade, should it become important. Thanks again.

 

[itfellow]

theeepster,

I have seen this sometimes too.

I have my workstations all members of a windows 2000 domain, and I have one of the domain admins accounts as both admin and remote desktop user on each machine. When I am logged into my own PC as the domain admin account, I can establish the remote connection to any PC, but when I get to the local logon screen, I have to log in with one of the domain admin accounts (which are local admins on the remote PC). If I try to use one of the power user accounts (which all of my users are on their own machines) I get the message "The local policy of this system does not allow you to logon interactively".

I have yet to chase this problem down, since I can work around it by using my domain admin account,but I strongly suspect that there is a policy somewhere that specifies whether certain accounts are allowed to access the PC over the internet. I used to see this happen on Windows NT machines for that reason when using LANDesk.

 

[cdogg]

Have you tried this:

[maroon]Under Administrative Tools:

1) Select User Manager - click the Policies tab, User Rights.
2) Select "Log on locally", and then click Add.
3) The Add Users and Groups dialog box is displayed.
In "List Names From:" select the domain name, and then in the Add Names box type your <domain name\username>.
4) Click OK. [/maroon]


[tab]?


~cdogg
[tab]"All paid jobs absorb and degrade the mind";
[tab][tab]- Aristotle
[tab][navy]For general rules and guidelines to get better answers, click here:[/navy] faq219-2884

 

[theeepster]

Thanks all.

Currently, the issue has become moot as the users no longer have a need to access the PC.

 

[vicentealeman]

To allow other users to connect to your computer
Open System in Control Panel.
Click the Remote tab.
In the Remote Desktop area, click Select Remote Users....
On the Remote Desktop Users dialog box, click Add....
On the Select Users dialog box, click Locations... to specify the search location.
Click Object Types... to specify the types of objects you want to search for.
In the Enter the object names to select (examples): box, type the names of the objects you want to search for.
Click Check Names.
When the name is located, click OK. The name now appears in the list of users on the Remote Desktop Users dialog box.
Notes

To open a Control Panel item, click Start, point to Settings, click Control Panel, and then double-click the appropriate icon.
You must be logged on as an administrator or a member of the Administrators group to add a user to the Remote Users Group.
Related Topics

 

[Dollar]

Just found a link while checking for screensaver stuff...

http://support.microsoft.com/default.aspx?scid=kb;en-us;823659

Do your users have the "Logon locally" right assigned via the policy editor? Might be worth a quick check...

 

[theeepster]

Thanks Dollar, again.

I haven't had time to go through the whole article, but on first glance it's looks to be good information.