TSWEB and "not permit you to log on interactively"

[Leon]

Hi

In windows 2000 Server I keep getting "The Local policy of this system does
not permit you to log on interactively."

I've come across this on microsoft:
-----------
This logon right determines which users can interactively
interactively
A local logon process to a computer, when the user types information in the
Log On to Windows dialog box that is displayed by the computer's operating
system or inserts a smart card.log on to this computer. Logons initiated by
pressing CTRL+ALT+DEL sequence on the attached keyboard requires the user to
have this logon right. Additionally this logon right may be required by some
service or administrative applications that can log on users. If you define
this policy for a user or group, you must also give the Administrators group
this right.

Default:

On workstations and servers: Administrators, Backup Operators, Power Users,
Users, and Guest.

On domain controllers: Account Operators, Administrators, Backup Operators,
Print Operators, and Server Operators.

 

[Steven L Umbach]

That is confiured via security policy user rights assignments. That can be
done via local/domain/Organizational Unit level. For instance for domain
controllers [all of them] that would be configure by opening Domain
Controller Security Policy/security settings/local policies/user right
assignments/logon locally. If you do it at the local policy level always
check effective settings which may indicate a domain/OU policy overriding
the local policy. --- Steve

 

[Leon]

Steven,

Thx for getting back to be.

I've added the Users to the Domain GPO Logon Locally security policy, but
still the user is not able to log on.
"The Local policy of this system does not permit you to log on
interactively."

=/

That is confiured via security policy user rights assignments. That can be
done via local/domain/Organizational Unit level. For instance for domain
controllers [all of them] that would be configure by opening Domain
Controller Security Policy/security settings/local policies/user right
assignments/logon locally. If you do it at the local policy level always
check effective settings which may indicate a domain/OU policy overriding
the local policy. --- Steve

Hi

In windows 2000 Server I keep getting "The Local policy of this system does
not permit you to log on interactively."

I've come across this on microsoft:
-----------
This logon right determines which users can interactively
interactively
A local logon process to a computer, when the user types information in the
Log On to Windows dialog box that is displayed by the computer's operating
system or inserts a smart card.log on to this computer. Logons initiated by
pressing CTRL+ALT+DEL sequence on the attached keyboard requires the

user

to
have this logon right. Additionally this logon right may be required by some
service or administrative applications that can log on users. If you define
this policy for a user or group, you must also give the Administrators group
this right.

Default:

On workstations and servers: Administrators, Backup Operators, Power Users,
Users, and Guest.

On domain controllers: Account Operators, Administrators, Backup Operators,
Print Operators, and Server Operators.

 

[Leon]

OK got it =]

Re-applied USERS and TS Users to the list.
This solved the problem and users can now tsweb into the server under remote
admin mode.

One thing I've done in the test environment server is restricted the user
from seeing any of the start menu programs appart the bear minimum. And
denied them the ability to install software via control panel/add/remove.

I can't remember how this was done, article i've found on the web so far
haven't helped.

wonder if you could point me in the right direction.

Thx

Steven,

Thx for getting back to be.

I've added the Users to the Domain GPO Logon Locally security policy, but
still the user is not able to log on.
"The Local policy of this system does not permit you to log on
interactively."

=/

That is confiured via security policy user rights assignments. That can be
done via local/domain/Organizational Unit level. For instance for domain
controllers [all of them] that would be configure by opening Domain
Controller Security Policy/security settings/local policies/user right
assignments/logon locally. If you do it at the local policy level always
check effective settings which may indicate a domain/OU policy overriding
the local policy. --- Steve

Hi

In windows 2000 Server I keep getting "The Local policy of this system does
not permit you to log on interactively."

I've come across this on microsoft:

in
the

Log On to Windows dialog box that is displayed by the computer's operating
system or inserts a smart card.log on to this computer. Logons

initiated
by

pressing CTRL+ALT+DEL sequence on the attached keyboard requires the

user

to
have this logon right. Additionally this logon right may be required

by
some

service or administrative applications that can log on users. If you define
this policy for a user or group, you must also give the Administrators group
this right.

Default:

On workstations and servers: Administrators, Backup Operators, Power Users,
Users, and Guest.

On domain controllers: Account Operators, Administrators, Backup Operators,
Print Operators, and Server Operators.

 

[Steven L Umbach]

Look in Group Policy user configuration/ administrative templates/control
panel add and remove programs and in user configuation/administrative
templates/start menu and task bar for various options to restrict
sers. --- Steve

OK got it =]

Re-applied USERS and TS Users to the list.
This solved the problem and users can now tsweb into the server under remote
admin mode.

One thing I've done in the test environment server is restricted the user
from seeing any of the start menu programs appart the bear minimum. And
denied them the ability to install software via control panel/add/remove.

I can't remember how this was done, article i've found on the web so far
haven't helped.

wonder if you could point me in the right direction.

Thx

Steven,

Thx for getting back to be.

I've added the Users to the Domain GPO Logon Locally security policy, but
still the user is not able to log on.
"The Local policy of this system does not permit you to log on
interactively."

=/

can

be

done via local/domain/Organizational Unit level. For instance for domain
controllers [all of them] that would be configure by opening Domain
Controller Security Policy/security settings/local policies/user right
assignments/logon locally. If you do it at the local policy level always
check effective settings which may indicate a domain/OU policy overriding
the local policy. --- Steve

"Leon" <ap76_at_email.com> wrote in message
Hi

In windows 2000 Server I keep getting "The Local policy of this system
does
not permit you to log on interactively."

I've come across this on microsoft:
-----------
This logon right determines which users can interactively
interactively
A local logon process to a computer, when the user types information in
the
Log On to Windows dialog box that is displayed by the computer's operating
system or inserts a smart card.log on to this computer. Logons initiated
by
pressing CTRL+ALT+DEL sequence on the attached keyboard requires the user
to
have this logon right. Additionally this logon right may be required by
some
service or administrative applications that can log on users. If you
define
this policy for a user or group, you must also give the Administrators
group
this right.

Default:

On workstations and servers: Administrators, Backup Operators, Power
Users,
Users, and Guest.

On domain controllers: Account Operators, Administrators, Backup
Operators,
Print Operators, and Server Operators.