Author: Josh (Guest)
Posted: Thu Feb 10, 2005 11:52 pm
Post subject: The local policy of this system does not allow you to log on

I have a question regarding an issue that I have come across. When trying to log in with remote desktop to a terminal server I receive the following error message: "Local policy does not permit you to log on interactively". I checked in the default domain controller GPO for "Allow Logon Locally", but the user and its group are already added. I also checked "Deny Logon Locally" and nothing is configured.
The users that are having problems are part of the domain users group, unlike myself, who am part of the administrators group and log on fine remotely. I am trying to log on to the Terminal Server machine and not another workstation.
The problem only occurs when I am trying to log in remotely using remote desktop as a domain user. I can also log on fine when physically sitting behind the machine, whether as user or admin.
We are running 2003 servers (1 Domain Controller w/License Server for Term Serv and 1 Term Server) and XP Pro/2000 Pro machines.

Author: Don Wilwol (Guest)
Posted: Fri Feb 11, 2005 2:36 am
Post subject: Re: The local policy of this system does not allow you to lo

You said you checked the default domain controller policy. If the term
server isn't a DC, then you need to either configure it locally, or on the
default domain policy, or another GPO that will hit the term servers.
--
Don Wilwol
http://spaces.msn.com/members/wilwol/

Author: Josh (Guest)
Posted: Fri Feb 11, 2005 3:07 am
Post subject: Re: The local policy of this system does not allow you to lo

That is correct. The Terminal Server is not a DC. It is a member server.
Questions:
1. How would I configure the Terminal Server locally if AD is not running on that server? The options for the users and groups are not the same and the users do not exist at the Terminal Server.
2. If I configure the default domain policy, should I not define the policy settings in the default domain CONTROLLER policy to avoid confusion?
3. I have tried creating new OUs and placing the users and/or PCs in them, but I am still getting the error when I log on from a remote PC with a user without domain admin rights.
My only guess is that I am getting the error because I am connecting to the Terminal Server who is a member of the Active Directory and there are too many policies defined.

Author: Don Wilwol (Guest)
Posted: Fri Feb 11, 2005 4:42 am
Post subject: Re: The local policy of this system does not allow you to lo

<See Inline>
--
Don Wilwol
http://spaces.msn.com/members/wilwol/
"Josh" <mrblonde@ameritech.net> wrote in message
news:1108069637.824750.327660@g14g2000cwa.googlegroups.com...
> That is correct. The Terminal Server is not a DC. It is a member
> server.
> Questions:
> 1.How would I configure the Terminal Server locally if AD is not
> running on that server. The options for the users and groups are not
> the same and the users do not exist at the Terminal Server

Right click my computer, select the remote tab, select the check box to
allow users to connect. You must also add the users or group to the remote
desktop users group in the domain.

> 2.If I configure the default domain policy, should I not define the
> policy settings in the default domain CONTROLLER policy to avoid
> confusion?

I would use a group policy and set it at the OU the term servers are in. If
you add it to the default domain controller policy, you are giving the users
the right to log on to a DC, since this server is NOT a DC, they still will
not have the rights.

> 3.I have tried creating new OU's and placing the users and/or pc's in
> them, but I am still getting the error when I log on from a remote pc
> with a user without domain admin rights.

Once again, you have to either create a GPO and link it to the OU, or do it
locally. Create an OU. Put the term servers in the OU. Create a GPO with the
log on locally rights as you want them, then link it to the OU. This should
work.

> My only guess is that I am getting the error because I am connecting to
> the Terminal Server who is a member of the Active Directory and there
> are too many policies defined.

Author: Josh (Guest)
Posted: Fri Feb 11, 2005 6:32 am
Post subject: Re: The local policy of this system does not allow you to lo

> Right click my computer, select the remote tab, select the check box to
> allow users to connect.

This is checked on the Terminal Server and the DC

> You must also add the users or group to the remote desktop users group
> in the domain.

I have added the group Domain Users to the Builtin Group Remote Desktop Users

> I would use a group policy and set it at the OU the term servers are in.

I have created an OU named Terminal Server and placed the remote pc and the Terminal Server inside it.
I created a GPO named Terminal Server Policy and linked it to the Terminal Server OU. I edited the GPO and defined "Allow Log on locally" to Administrators and Remote Desktop Users. I did the same for "Allow Log on through Terminal Services". I closed all open pages and ran gpupdate /force
I tried to logon from remote desktop and got the same error.

> If you add it to the default domain controller policy, you are giving the users
> the right to log on to a DC, since this server is NOT a DC, they still will
> not have the rights.

Author: Steven L Umbach (Guest)
Posted: Fri Feb 11, 2005 6:43 am
Post subject: Re: The local policy of this system does not allow you to lo

Logon to the problem computer at the console and check Local Security Policy
[secpol.msc]. TS users need to be in the Remote Desktop Users group and that
group needs to have the user right for "allow logon through Terminal
Services". Go to security settings/local policies/user rights. Note that
deny logon through TS will override a user's "allow" user right. If you can
not configure the user right in Local Security Policy you will need to find
the overriding Group Policy, gpresult and RSOP can help with that, or create
an OU for the TS with its own GPO to configure the user rights to your
needs. --- Steve

Author: Don Wilwol (Guest)
Posted: Fri Feb 11, 2005 6:48 am
Post subject: Re: The local policy of this system does not allow you to lo

Try adding the users directly to the remote desktop group.
dw
--
Don Wilwol
http://spaces.msn.com/members/wilwol/

Author: Glenn L (Guest)
Posted: Fri Feb 11, 2005 6:48 am
Post subject: Re: The local policy of this system does not allow you to lo

Josh,
I can't tell if you have this issue resolved yet. It appears you may be
having trouble getting group policy to work, or the settings are not having
the desired effect.
There are essentially 4 things required for RDP to work for domain users.
3 have been mentioned already.
1) Add domain users group to the remote desktop users group on the server.
2) Verify the "allow users to connect" is checked on the remote tab of my
computer properties.
3) Remote desktop users group must be granted the "allow logon through
terminal services".
4) Access the "terminal services configuration" snapin from administrative
templates. Highlight connections and access the properties of the RDP-TCP
object. Go to the permissions tab and verify the remote desktop users group
is listed and has allow user and allow guest access.
--
Glenn L
CCNA, MCSE 2000/2003 + Security
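
The user-rights checks described in Steven's and Glenn's posts above can be run against an exported copy of the server's security policy. The following Python sketch is an added example, not part of the original thread: it parses the `[Privilege Rights]` section written by `secedit /export /cfg rights.inf /areas USER_RIGHTS` and evaluates "Allow log on through Terminal Services" for a set of token SIDs, with a deny entry taking precedence as Steven notes. The sample INF, the domain SID and the function names are constructed for illustration.

```python
# Added example. Input format: the [Privilege Rights] section of a
# `secedit /export /cfg rights.inf /areas USER_RIGHTS` file (real exports
# are typically UTF-16; open them with encoding="utf-16").
ALLOW = "SeRemoteInteractiveLogonRight"      # Allow log on through Terminal Services
DENY = "SeDenyRemoteInteractiveLogonRight"   # Deny log on through Terminal Services

WELL_KNOWN = {  # fixed Windows SIDs
    "S-1-1-0": "Everyone",
    "S-1-5-32-544": "BUILTIN\\Administrators",
    "S-1-5-32-545": "BUILTIN\\Users",
    "S-1-5-32-546": "BUILTIN\\Guests",
    "S-1-5-32-555": "BUILTIN\\Remote Desktop Users",
}
# Constructed placeholder SID for the domain's "Domain Users" group (RID 513).
DOMAIN_USERS = "S-1-5-21-1111111111-2222222222-3333333333-513"

# Constructed sample: only Administrators hold the allow right.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544
SeRemoteInteractiveLogonRight = *S-1-5-32-544
SeDenyRemoteInteractiveLogonRight = *S-1-5-32-546
[Version]
signature="$CHICAGO$"
Revision=1
"""


def parse_privilege_rights(inf_text):
    """Return {right name: set of SIDs or account names} from the INF text."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, value = line.partition("=")
            # SIDs are written with a leading "*"; unresolved names have none.
            rights[name.strip()] = {
                v.strip().lstrip("*") for v in value.split(",") if v.strip()
            }
    return rights


def label(sid):
    """Friendly name for a well-known SID, or the SID itself."""
    return WELL_KNOWN.get(sid, sid)


def rdp_logon_allowed(rights, token_sids):
    """Evaluate the Terminal Services logon right for a set of token SIDs.

    A deny entry matching any SID in the token wins over every allow entry.
    """
    token = set(token_sids)
    denied = rights.get(DENY, set()) & token
    if denied:
        return False, "denied via " + ", ".join(sorted(map(label, denied)))
    granted = rights.get(ALLOW, set()) & token
    if not granted:
        return False, "no SID in the token holds " + ALLOW
    return True, "allowed via " + ", ".join(sorted(map(label, granted)))


# Token of a domain user who was added to the server's Remote Desktop Users group.
DOMAIN_USER_TOKEN = {"S-1-1-0", "S-1-5-32-545", "S-1-5-32-555", DOMAIN_USERS}
ADMIN_TOKEN = {"S-1-1-0", "S-1-5-32-544"}

if __name__ == "__main__":
    rights = parse_privilege_rights(SAMPLE_INF)
    print("admin:", rdp_logon_allowed(rights, ADMIN_TOKEN))
    print("user :", rdp_logon_allowed(rights, DOMAIN_USER_TOKEN))
    rights[ALLOW].add("S-1-5-32-555")   # grant the right to Remote Desktop Users
    print("user after grant:", rdp_logon_allowed(rights, DOMAIN_USER_TOKEN))
    rights[DENY].add(DOMAIN_USERS)      # a deny entry overrides the grant
    print("user with deny  :", rdp_logon_allowed(rights, DOMAIN_USER_TOKEN))
```

Run against an export taken on the terminal server itself, this shows the rights actually in effect there, whichever GPO or local setting produced them.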

Author: Josh (Guest)
Posted: Tue Feb 15, 2005 12:35 am
Post subject: Re: The local policy of this system does not allow you to lo

> Try adding the users directly to the remote desktop group.

I added the user to the remote desktop Users builtin group
....got the error

> 1)add domain users group to the remote desktop users group on the
> server.

Done

> 2)verify the "allow users to connect" is checked on the remote tab of my
> computer properties

Done

> 3)remote desktop users group must be granted the "allow logon through
> terminal services"

I have created a new OU named Terminal Services. I have placed the Terminal Server and the remote machine that is trying to connect to the Terminal Server in the OU. I have created a new Policy for this OU named Terminal Server Policy. Remote Desktop Users has been set to Allow log on locally and Allow log on through Terminal Services

> 4)access the "terminal services configuration" snapin from administrative
> templates. Highlight connections and access the properties of the RDP-TCP
> object. go to the permissions tab and verify the remote desktop users group
> is listed and has allow user and allow guest access.

Remote Desktop Users has Full Control

> Logon to the problem computer at the console and check Local Security Policy
> [secpol.msc]. TS users need to be in the Remote Desktop Users group and that
> group needs to have the user right for "allow logon through Terminal
> Services". Go to security settings/local policies/user rights. Note that
> deny logon through TS will override a user's "allow" user right. If you can
> not configure the user right in Local Security Policy you will need to find
> the overriding Group Policy, gpresult and RSOP can help with that, or create
> an OU for the TS with it's own GPO to configure the user rights to your
> needs. --- Steve

Even though the TS is in a GPO I did this anyway. I ran gpupdate /force
I still get the same error, The local policy of this system does not allow you to log on interactively
I rebooted both the Terminal Server and the Active Directory Server.
Tried again, but still no luck.

Author: Josh (Guest)
Posted: Tue Feb 15, 2005 1:18 am
Post subject: Re: The local policy of this system does not allow you to lo

I was reading a post on MS and I think this applies to me
You will need to switch to application mode. Remote administration mode is for administrating. Or give them administrator rights. It depends on what you are wanting to accomplish.
How do I switch to application mode?

Author: Josh (Guest)
Posted: Tue Feb 15, 2005 2:44 am
Post subject: Re: The local policy of this system does not allow you to lo

Here are the settings from the gpresult.exe on the Terminal Server
Computer for user admin
RSOP data for XLINE\Administrator on XLINE : Logging Mode
----------------------------------------------------------
OS Type: Microsoft(R) Windows(R) Server 2003, Standard Edition
OS Configuration: Member Server
OS Version: 5.2.3790
Terminal Server Mode: Application Server
Site Name: Default-First-Site-Name
Roaming Profile: C:\Documents and Settings\Administrator
Local Profile: C:\Documents and Settings\Administrator.XLINE
Connected over a slow link?: Yes
COMPUTER SETTINGS
------------------
Last time Group Policy was applied: 2/14/2005 at 11:32:09 AM
Group Policy was applied from: xline.crossline.com
Group Policy slow link threshold: 500 kbps
Domain Name: XLINE0
Domain Type: Windows 2000
Applied Group Policy Objects
-----------------------------
Local Group Policy
The computer is a part of the following security groups
-------------------------------------------------------
BUILTIN\Administrators
Everyone
NT AUTHORITY\Authenticated Users
USER SETTINGS
--------------
Last time Group Policy was applied: N/A
Group Policy was applied from: N/A
Group Policy slow link threshold: 500 kbps
Domain Name: XLINE
Domain Type: Windows 2000
Applied Group Policy Objects
-----------------------------
Local Group Policy
The user is a part of the following security groups
---------------------------------------------------
None
Everyone
BUILTIN\Administrators
BUILTIN\Users
REMOTE INTERACTIVE LOGON
NT AUTHORITY\INTERACTIVE
TERMINAL SERVER USER
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
NTLM Authentication
C:\Documents and Settings\Administrator>gpresult.exe
Here are the settings for the user on the Active Directory Server
RSOP data for XLINE0\thomas on LICENSE : Logging Mode
------------------------------------------------------
OS Type: Microsoft(R) Windows(R) Server 2003, Standard Edition
OS Configuration: Primary Domain Controller
OS Version: 5.2.3790
Terminal Server Mode: Remote Administration
Site Name: Default-First-Site-Name
Roaming Profile:
Local Profile: C:\Documents and Settings\thomas.XLINE0
Connected over a slow link?: No
USER SETTINGS
--------------
CN=thomas,CN=Users,DC=xline,DC=com
Last time Group Policy was applied: 2/14/2005 at 1:27:30 PM
Group Policy was applied from: license.xline.com
Group Policy slow link threshold: 500 kbps
Domain Name: XLINE0
Domain Type: Windows 2000
Applied Group Policy Objects
-----------------------------
Default Domain Policy
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)
The user is a part of the following security groups
---------------------------------------------------
Domain Users
Everyone
Remote Desktop Users
BUILTIN\Users
BUILTIN\Pre-Windows 2000 Compatible Access
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
C:\Documents and Settings\thomas.XLINE0>
One thing that stands out is where the group policies were applied.
On the terminal server it states "xline.crossline.com". On the Active
Directory Server it states "license.xline.com".
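
User rights such as "Allow log on through Terminal Services" are computer-scope settings, so the COMPUTER SETTINGS section of the Terminal Server's gpresult output is the place to confirm whether an OU-linked GPO took effect. As an added example (not part of the original thread), this Python sketch parses gpresult text, lists the applied GPOs per scope and flags a computer scope that received only Local Group Policy; the sample text is abridged from the output posted above, and the function names are illustrative.

```python
import re

# Abridged from the gpresult output posted above (Terminal Server, then DC).
TS_OUTPUT = r"""
RSOP data for XLINE\Administrator on XLINE : Logging Mode
----------------------------------------------------------
OS Configuration: Member Server
Terminal Server Mode: Application Server
COMPUTER SETTINGS
------------------
Last time Group Policy was applied: 2/14/2005 at 11:32:09 AM
Group Policy was applied from: xline.crossline.com
Applied Group Policy Objects
-----------------------------
Local Group Policy
The computer is a part of the following security groups
-------------------------------------------------------
BUILTIN\Administrators
Everyone
USER SETTINGS
--------------
Group Policy was applied from: N/A
Applied Group Policy Objects
-----------------------------
Local Group Policy
"""

DC_OUTPUT = r"""
RSOP data for XLINE0\thomas on LICENSE : Logging Mode
------------------------------------------------------
OS Configuration: Primary Domain Controller
USER SETTINGS
--------------
Group Policy was applied from: license.xline.com
Applied Group Policy Objects
-----------------------------
Default Domain Policy
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)
"""

KEY_VALUE = re.compile(r"^([A-Za-z][\w ()?-]*?):\s*(.*)$")
APPLIED = "Applied Group Policy Objects"


def parse_gpresult(text):
    """Split gpresult text into system/computer/user scopes.

    Each scope holds 'fields' (key: value lines) and 'lists' (items under an
    underlined heading such as "Applied Group Policy Objects").
    """
    report = {"system": {"fields": {}, "lists": {}}}
    scope, section = report["system"], None
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    for i, line in enumerate(lines):
        if set(line) == {"-"}:
            continue  # underline row, already used to detect headings
        underlined = i + 1 < len(lines) and set(lines[i + 1]) == {"-"}
        if underlined and line in ("COMPUTER SETTINGS", "USER SETTINGS"):
            scope = report.setdefault(line.split()[0].lower(),
                                      {"fields": {}, "lists": {}})
            section = None
        elif underlined:
            section = line
            scope["lists"].setdefault(section, [])
        else:
            match = KEY_VALUE.match(line)
            if match:
                scope["fields"][match.group(1)] = match.group(2)
            elif section:
                scope["lists"][section].append(line)
    return report


def diagnose(report, expected_gpo):
    """Check whether expected_gpo reached the computer scope."""
    computer = report.get("computer")
    if computer is None:
        return ["no COMPUTER SETTINGS section in this output"]
    applied = computer["lists"].get(APPLIED, [])
    findings = []
    if expected_gpo not in applied:
        findings.append(f"'{expected_gpo}' is not applied to the computer "
                        f"(applied: {applied})")
    if applied == ["Local Group Policy"]:
        findings.append("only Local Group Policy reached this machine; "
                        "no domain GPO is in effect")
    return findings


def policy_sources(report):
    """Map each scope to the server gpresult says policy was applied from."""
    return {name: scope["fields"].get("Group Policy was applied from")
            for name, scope in report.items() if name != "system"}


if __name__ == "__main__":
    ts = parse_gpresult(TS_OUTPUT)
    print(diagnose(ts, "Terminal Server Policy"))
    print(policy_sources(ts), policy_sources(parse_gpresult(DC_OUTPUT)))
```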

Author: Don Wilwol (Guest)
Posted: Tue Feb 15, 2005 4:12 am
Post subject: Re: The local policy of this system does not allow you to lo

Two thoughts.
1. Make sure your passwords are not blank. You can not use remote desktop
with blank passwords
2. Remote desktops only allow 2 sessions per server. You could have two
sessions hung. Make sure there are no sessions active.
--
Hope it helps...........
dw
Don Wilwol
Blog - http://spaces.msn.com/members/wilwol/
Web - http://capital.net/~wilwol/dw.htm
DonWilwol@yahoo.com

Author: Josh (Guest)
Posted: Tue Feb 15, 2005 4:44 am
Post subject: Re: The local policy of this system does not allow you to lo

Don,
Thanks for all of your help so far. It is appreciated.
Don Wilwol wrote:
> Two thoughts.
> 1. Make sure your passwords are not blank. You can not use remote desktop
> with blank passwords

I have a password for my user

> 2. Remote desktops only allow 2 sessions per server. You could have two
> sessions hung. Make sure there are no sessions active.

Here is a copy of the query session command
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\Administrator>query session
SESSIONNAME       USERNAME          ID  STATE   TYPE    DEVICE
console           Administrator      0  Active  wdcon
rdp-tcp                          65536  Listen  rdpwd
C:\Documents and Settings\Administrator>

Author: Don Wilwol (Guest)
Posted: Tue Feb 15, 2005 6:42 am
Post subject: Re: The local policy of this system does not allow you to lo

Try to open a desktop session, right from the desktop of the server.
--
Hope it helps...........
dw
Don Wilwol
Blog - http://spaces.msn.com/members/wilwol/
Web - http://capital.net/~wilwol/dw.htm
DonWilwol@yahoo.com

Author: Josh (Guest)
Posted: Tue Feb 15, 2005 6:48 am
Post subject: Re: The local policy of this system does not allow you to lo

Don Wilwol wrote:
> Try to open a desktop session, right from the desktop of the server.

If I do that from the Terminal Server, type the username and password and select the domain, I get the error.
If I do that from the DC, type the username and password and select the domain, I get the error.
I cannot select (this computer) from the log on to: area because that user name does not exist on the Terminal Server Computer and I will get an error. The Terminal Server and DC are two separate PCs.