Windows NT Remote desktop user running on Windows 2000 DC

  • Thread starter Thread starter DD
  • Start date Start date
D

DD

I have remote terminal service running on windows 2000 backup DC, and I
granted the user logon locally rights on DC policy , but user sometimes can
logon sometime can not logon.

The error ""The local policy of this system does not permit
you to logon interactively

Both Primary & Backup DC granted logon locally for the user.

temporary grant user member of operator group, no problem for them to login.
I think default backup operator can logon locally.
 
hi,
check the deny logon locally security settings.
--
Dragos CAMARA
MCSA Windows 2003 server


"DD" wrote:

> I have remote terminal service running on windows 2000 backup DC, and I
> granted the user logon locally rights on DC policy , but user sometimes can
> logon sometime can not logon.
>
> The error ""The local policy of this system does not permit
> you to logon interactively
>
> Both Primary & Backup DC granted logon locally for the user.
>
> temporary grant user member of operator group, no problem for them to login.
> I think default backup operator can logon locally.
>
>
>
>
>
>
 
Is there a GPO in your domain that resets the security settings?

Side note: Windows 2000 Active Directory Domain Controllers are
(nearly) equal - there are no primary and backup DCs as there were on
NT4.

I hope this helps.

Helge

On 19 Jul., 06:38, DD <D...@discussions.microsoft.com> wrote:
> I have remote terminal service running on windows 2000 backup DC, and I
> granted the user logon locally rights on DC policy , but user sometimes can
> logon sometime can not logon.
>
> The error ""The local policy of this system does not permit
> you to logon interactively
>
> Both Primary & Backup DC granted logon locally for the user.
>
> temporary grant user member of operator group, no problem for them to login.
> I think default backup operator can logon locally.
 
Since it works intermittently, I would check which server was used
for authentication (the value of %logonserver%) when it doesn't
work.
Also enable verbose logging of the user environemnt, which could
tell you about GPO problems. And check the EventLog.

221833 - How to enable user environment debug logging in retail
builds of Windows
http://support.microsoft.com/?kbid=221833

_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

Helge Klein <Helge.Klein@googlemail.com> wrote on 19 jul 2007 in
microsoft.public.windows.terminal_services:

> Is there a GPO in your domain that resets the security settings?
>
> Side note: Windows 2000 Active Directory Domain Controllers are
> (nearly) equal - there are no primary and backup DCs as there
> were on NT4.
>
> I hope this helps.
>
> Helge
>
> On 19 Jul., 06:38, DD <D...@discussions.microsoft.com> wrote:
>> I have remote terminal service running on windows 2000 backup
>> DC, and I granted the user logon locally rights on DC policy ,
>> but user sometimes can logon sometime can not logon.
>>
>> The error ""The local policy of this system does not permit
>> you to logon interactively
>>
>> Both Primary & Backup DC granted logon locally for the user.
>>
>> temporary grant user member of operator group, no problem for
>> them to login. I think default backup operator can logon
>> locally.
 
Deny logon local group is empty.

"Dragos CAMARA" wrote:

> hi,
> check the deny logon locally security settings.
> --
> Dragos CAMARA
> MCSA Windows 2003 server
>
>
> "DD" wrote:
>
> > I have remote terminal service running on windows 2000 backup DC, and I
> > granted the user logon locally rights on DC policy , but user sometimes can
> > logon sometime can not logon.
> >
> > The error ""The local policy of this system does not permit
> > you to logon interactively
> >
> > Both Primary & Backup DC granted logon locally for the user.
> >
> > temporary grant user member of operator group, no problem for them to login.
> > I think default backup operator can logon locally.
> >
> >
> >
> >
> >
> >
 
Where to check any gro reset the security setting ?

I checked the user name always in the allow logon locally.





I

"Helge Klein" wrote:

> Is there a GPO in your domain that resets the security settings?
>
> Side note: Windows 2000 Active Directory Domain Controllers are
> (nearly) equal - there are no primary and backup DCs as there were on
> NT4.
>
> I hope this helps.
>
> Helge
>
> On 19 Jul., 06:38, DD <D...@discussions.microsoft.com> wrote:
> > I have remote terminal service running on windows 2000 backup DC, and I
> > granted the user logon locally rights on DC policy , but user sometimes can
> > logon sometime can not logon.
> >
> > The error ""The local policy of this system does not permit
> > you to logon interactively
> >
> > Both Primary & Backup DC granted logon locally for the user.
> >
> > temporary grant user member of operator group, no problem for them to login.
> > I think default backup operator can logon locally.
>
>
>
 
Back
Top