Discussion:
Group Policy, Remote Desktop and Domain Controller question
(too old to reply)
Daveyd
2005-01-20 23:57:01 UTC
Permalink
I have a 2k3 DC. I want to give an ordinary user the rights to use Remote
Desktop to access the Domain Controller.

It was my understanding that, on the Domain Controller, I would...

1) Enable Remote Desktop on the DC
2) Put the user in the Remote Desktop Users Group
3) Modify the Domain Controllers GPO to allow that user the right to log on
locally

When I do this and try to log in as the user, I get the error message The
local policy of this system does not allow you to log in interactively...what
gives?
Rickard
2005-01-21 20:11:41 UTC
Permalink
Did you do a gpupdate/force?

Rickard
Post by Daveyd
I have a 2k3 DC. I want to give an ordinary user the rights to use Remote
Desktop to access the Domain Controller.
It was my understanding that, on the Domain Controller, I would...
1) Enable Remote Desktop on the DC
2) Put the user in the Remote Desktop Users Group
3) Modify the Domain Controllers GPO to allow that user the right to log on
locally
When I do this and try to log in as the user, I get the error message The
local policy of this system does not allow you to log in
interactively...what
gives?
Rickard
2005-01-22 14:48:38 UTC
Permalink
You also need to grant the users "Allow logon locally" on the local security
policy on the DC.

Rickard
Post by Rickard
Did you do a gpupdate/force?
Rickard
Post by Daveyd
I have a 2k3 DC. I want to give an ordinary user the rights to use Remote
Desktop to access the Domain Controller.
It was my understanding that, on the Domain Controller, I would...
1) Enable Remote Desktop on the DC
2) Put the user in the Remote Desktop Users Group
3) Modify the Domain Controllers GPO to allow that user the right to log on
locally
When I do this and try to log in as the user, I get the error message The
local policy of this system does not allow you to log in
interactively...what
gives?
Daveyd
2005-01-23 17:39:06 UTC
Permalink
The only way I could get it to work is put the ordinary user in the Remote
Users Group. Assign the Remote Users Group the right to log on through
Terminal Services....but I would lose the administrators ability to log onto
the Domain Controller through Remote Desktop. I have to add the
administrator account to Remote Desktop users group

If I add the Remote Desktop users group to Allow logon locally or I just add
the specific user, it does not work.
Post by Rickard
You also need to grant the users "Allow logon locally" on the local security
policy on the DC.
Rickard
Post by Rickard
Did you do a gpupdate/force?
Rickard
Post by Daveyd
I have a 2k3 DC. I want to give an ordinary user the rights to use Remote
Desktop to access the Domain Controller.
It was my understanding that, on the Domain Controller, I would...
1) Enable Remote Desktop on the DC
2) Put the user in the Remote Desktop Users Group
3) Modify the Domain Controllers GPO to allow that user the right to log on
locally
When I do this and try to log in as the user, I get the error message The
local policy of this system does not allow you to log in
interactively...what
gives?
Daveyd
2005-01-27 00:13:02 UTC
Permalink
Anyone??
Post by Daveyd
The only way I could get it to work is put the ordinary user in the Remote
Users Group. Assign the Remote Users Group the right to log on through
Terminal Services....but I would lose the administrators ability to log onto
the Domain Controller through Remote Desktop. I have to add the
administrator account to Remote Desktop users group
If I add the Remote Desktop users group to Allow logon locally or I just add
the specific user, it does not work.
Post by Rickard
You also need to grant the users "Allow logon locally" on the local security
policy on the DC.
Rickard
Post by Rickard
Did you do a gpupdate/force?
Rickard
Post by Daveyd
I have a 2k3 DC. I want to give an ordinary user the rights to use Remote
Desktop to access the Domain Controller.
It was my understanding that, on the Domain Controller, I would...
1) Enable Remote Desktop on the DC
2) Put the user in the Remote Desktop Users Group
3) Modify the Domain Controllers GPO to allow that user the right to log on
locally
When I do this and try to log in as the user, I get the error message The
local policy of this system does not allow you to log in
interactively...what
gives?
Mieke
2005-02-08 16:09:09 UTC
Permalink
On W2k I did this:
On the Terminal Server, start Administrative TOOLS, Terminal Services
Configuration, open folder Connections, right-click on RDP connection, open
Properties, on Tab Permissions add the user with user rights.

I hope this works the same for your W2k3...

Mieke
Post by Daveyd
I have a 2k3 DC. I want to give an ordinary user the rights to use Remote
Desktop to access the Domain Controller.
It was my understanding that, on the Domain Controller, I would...
1) Enable Remote Desktop on the DC
2) Put the user in the Remote Desktop Users Group
3) Modify the Domain Controllers GPO to allow that user the right to log on
locally
When I do this and try to log in as the user, I get the error message The
local policy of this system does not allow you to log in interactively...what
gives?
Loading...