RDP logon issue
p3te844
Member Posts: 13 ■□□□□□□□□□
I remote a WinXP Pro machine from my XP Home machine. I have Server 2003 setup on one of my other computers with AD setup. So when I remote the machine and I go to log onto the domain with a user account I created in AD, I get "The local policy on this machine doesn't allow interactive logon" something along those words.
Why is this happening, I add the Domain Users group to the Remote Desktop Users group and that doesn't work. Also, I add the Domain Users group to the Print Operators and Server Operators and still can't log on to the network through RDP.
Is there something I have to do on the local XP Pro machine, because It doesn't see any groups that are apart of my domain. Am I missing something here. The only way I can log onto the domain through RDP if I had the Domain Admins group to my test account that I'm using to log on with.
Help!? Thanks!
:
Why is this happening, I add the Domain Users group to the Remote Desktop Users group and that doesn't work. Also, I add the Domain Users group to the Print Operators and Server Operators and still can't log on to the network through RDP.
Is there something I have to do on the local XP Pro machine, because It doesn't see any groups that are apart of my domain. Am I missing something here. The only way I can log onto the domain through RDP if I had the Domain Admins group to my test account that I'm using to log on with.
Help!? Thanks!
: Comments
-
fluk3d
Member Posts: 141 ■■■□□□□□□□
check to see how your group policy for the domain is setup. gpedit.msc if by default in the security settings it's set to administrators, and remote desktop users you will have to be a part of that group otherwise, you can modify the policy to include the user account your trying to login to."Imagination is more important than knowledge." - Albert Einstein
-
dynamik
Banned Posts: 12,312 ■■■■■■■■■□
Is the machine you're trying to log on to a domain controller?
I think you'll need to assign the user or group the logon locally privilege in user rights assignment. -
msnelgrove
Member Posts: 167
I would check that out first.Is the machine you're trying to log on to a domain controller?
I think you'll need to assign the user or group the logon locally privilege in user rights assignment.
Open up the default domain security policy (or domain controller depending where your Terminal Server is) local policies ->user rights assignment -> make sure you group is listed in "allow logon through terminal services"
If your terminal server is a separate member server I would open up the Terminal Services Configuration MMC -> right click on the RDP-TCP connection in the right pane -> select properties -> click on the permissions tab. Make sure that the user or group has sufficient privileges, also make sure that the group that the user belongs to isn't a local group (ServerX\Remote desktop users)
You might have to make a new group in the domain and add this group into the RDP-TCP permissions and group policy setting
Hope this fixes it! -
snadam
Member Posts: 2,234 ■■■■□□□□□□
p3te844 wrote:I remote a WinXP Pro machine from my XP Home machine. I have Server 2003 setup on one of my other computers with AD setup. So when I remote the machine and I go to log onto the domain with a user account I created in AD, I get "The local policy on this machine doesn't allow interactive logon" something along those words.
Why is this happening, I add the Domain Users group to the Remote Desktop Users group and that doesn't work. Also, I add the Domain Users group to the Print Operators and Server Operators and still can't log on to the network through RDP.
Is there something I have to do on the local XP Pro machine, because It doesn't see any groups that are apart of my domain. Am I missing something here. The only way I can log onto the domain through RDP if I had the Domain Admins group to my test account that I'm using to log on with.
Help!? Thanks!:
I think you pretty much answered your own question (See bold). If you received the message you wrote above, then it sounds like you need to enable remote desktop on the machine itself.
Its generally a 3 step process:
1. Enable remote access for the user account
2. Enable remote desktop on the remote target machine
3. Add groups/users to "remote desktop users" group on the remote target machine
there are different error messages for different settings. So if you are sure you received that one, then its most likely an issue where you need to enable remote desktop on the target machine.
hope this helps!**** ARE FOR CHUMPS! Don't be a chump! Validate your material with certguard.com search engine
:study: Current 2015 Goals: JNCIP-SEC JNCIS-ENT CCNA-Security -
Mishra
Member Posts: 2,468 ■■■■□□□□□□
snadam wrote:
I think you pretty much answered your own question (See bold). If you received the message you wrote above, then it sounds like you need to enable remote desktop on the machine itself.
Its generally a 3 step process:
1. Enable remote access for the user account
2. Enable remote desktop on the remote target machine
3. Add groups/users to "remote desktop users" group on the remote target machine
there are different error messages for different settings. So if you are sure you received that one, then its most likely an issue where you need to enable remote desktop on the target machine.
hope this helps!
Remember that if remote desktop wasn't enabled on the PC then he wouldn't be getting the login screen in the first place.
-
dynamik
Banned Posts: 12,312 ■■■■■■■■■□
This is why I asked if it was a DC:Microsoft wrote:Allow log on locally
This logon right determines which users can interactively log on to this computer. Logons initiated by pressing CTRL+ALT+DEL sequence on the attached keyboard requires the user to have this logon right. Additionally, this logon right may be required by some service or administrative applications that can log on users. If you define this policy for a user or group, you must also give the Administrators group this right.
Default:
On workstations and servers:
Administrators
Backup Operators
Power Users
Users
Guest.
On domain controllers:
Account Operators
Administrators
Backup Operators
Print Operators
Server Operators.
I assume you're not able to log on with that user while sitting in front of that machine as well. -
snadam
Member Posts: 2,234 ■■■■□□□□□□
Mishra wrote:snadam wrote:
I think you pretty much answered your own question (See bold). If you received the message you wrote above, then it sounds like you need to enable remote desktop on the machine itself.
Its generally a 3 step process:
1. Enable remote access for the user account
2. Enable remote desktop on the remote target machine
3. Add groups/users to "remote desktop users" group on the remote target machine
there are different error messages for different settings. So if you are sure you received that one, then its most likely an issue where you need to enable remote desktop on the target machine.
hope this helps!
Remember that if remote desktop wasn't enabled on the PC then he wouldn't be getting the login screen in the first place.
damn, youre right. so most likely he needs to add the groups/users to the "remote desktop users" group on the target remote machine. Which sucks because that was my original answer and I changed it :P
I have my damn notes but im scurrying off so I cant verify which message implies which error.**** ARE FOR CHUMPS! Don't be a chump! Validate your material with certguard.com search engine
:study: Current 2015 Goals: JNCIP-SEC JNCIS-ENT CCNA-Security
