Yes I understand what you are saying, but this is my test
machine so not to worry. This DC only has one GP setup and
it's the Default Domain policy. What changes are required to
logon locally as a user...I must be missing something. Is
there a way to run a utility to check what is blocking the
logon like win2003 server has? Alex
"Vera Noest [MVP]" <
[email protected]>
wrote in message
Just to rule out the confusion: since your TS is also a DC,
you must mahe this change in the Default Domain Controller
Security Policy (which is not a good thing to do, that's why
it is not recommended to run TS in Application mode on a
DC).
No I'm running it in application mode. Is there any other
GP that could effect this logon problem> I tried to logon
onto the server with the uses account and received the
same error message, "local policy does not permit you to
logon interactively". I'm stating to wonder if the GP is
no propagating my changes. If it's only the logon locally
GP setting effecting this...something must be going wrong
with the propagation...any other ideas? Alex
message For me it look like you're running TS in administrative
mode (Only domain administrators can connect to that kind
of Terminal Server). Change mode to application server to
connect as a domain user!
Regards
Tom
-----Original Message-----
I've change the group policy as I said but I still can
not logon. I get the
same error message...so I've rebooted the server...no
change...I'm going to
not configure the Logon Locally policy and try
rebooting. Than I add all
the users to the Logon Locally and see if that helps.
I'll keep you
posted...
"Matthew Harris [MVP]" <
[email protected]>
wrote
in message
Sorry to be so confusing. I just meant to adjust the
domain security policy, like the link says to. You
shouldn't need to adjust anything on the client, only
on the server.
Did you do that and it didn't have any affect?
-M
-----Original Message-----
I thought we have been talking about the default
domain
security policy all
along...[yes this is a DC running TS]
So to backup, are you saying I need to change the
security policy on the
member server that I'm using as the TS client...
a;ex
"Matthew Harris [MVP]" <
[email protected]>
wrote
in message
Sorry...ignore that last post. I meant to
say...check
the
domain controller security policy.
check out this link:
http://support.microsoft.com/default.aspx? scid=kb;en
- us;q247989
-M
-----Original Message-----
I added the TS group and the user to "log on
locally"
Group Policy Ran the
secedit /refreshpolicy user_policy /enforce and
also
the
machine refresh
policy. I'm still getting the same error, "The
local
policy of this system
does not permit you to logon interactively"
Must be some other policy blocking this
logon...any
other
thoughts......
message
Thank you,
I'm on it...alex
"Matthew Harris [MVP]"
<
[email protected]>
wrote in message
Go into the user rights portion of your group
policies and
give each user the ability to "log on locally"
-M
-----Original Message-----
" The local policy of this system does not
permit
you to
logon
interactively"
I get this message with I try to log on as a
domain
user. The administrator
account can logon without any errors. I
understand
this
is a GP issue but
with win2k how do I find the problem.
Setup: win2k server w/AD running TS
Client: win2k member server