User "Cannot logon interactively"; copy of same account can logon just fine

[Marlon Brown]

On a Win2K server SP4, MyUser attmpts to logon onto Server1 and gets
message "The local policy of
this system does not permit you to logon interactively

Then I copied her account and CopyMyUser can logon just fine.



From examining the server, I understand the logon permission is controlled
on Terminal Server:



I see tht Server1/Users are able to have Guest, User access to the server.

Then on the respective "Users" group on the local server, I see that
"MyDomain\Domain Users" global group is added there.

The question is, why MyUser Doamin User membership is apparently failing.



Have you seen this problem happening before ?

 

[Vera Noest [MVP]]

The error message that you get indicates that MyUser does not have
the right to "Log On Locally" to the server. This is a user right,
and not an rdp-tcp permission. Check the Log On Locally setting in
your Group Policy.

Security Settings\Local Policies\User Rights Assignment\Log On
Locally

 

[Marlon Brown]

Correct, but I already verified that the "Users" group has the rights to
logon locally and User1 is not added to any deny local logon on that server.
Users group contains "mydomain\domain users".
User1 is a member of domain users.
In addition, I added User1 to the "local Users" group on that server; still
getting same cannot logon locally behavior.