coppermine18 Posted August 30, 2005 Posted August 30, 2005 I can log into TS via Administrator username.Any others I get the error 'The local policy of this system does not permit you to logon interactively'I have tried google and several instructions to fix the problem and have made no progress.Any help is much appreciated!Paul
Hatefulsorrow Posted August 30, 2005 Posted August 30, 2005 the the security policys and permissions make sure that the everyone group has the "logon locally" permission enabled.If you've already tried this then I'm not sure. I know that there is a command line command that lets you restore your computer's security policy to windows default but I can't remember it off hand.Let me know if you need it and I'll find the command again.
coppermine18 Posted August 30, 2005 Author Posted August 30, 2005 the the security policys and permissions make sure that the everyone group has the "logon locally" permission enabled.If you've already tried this then I'm not sure. I know that there is a command line command that lets you restore your computer's security policy to windows default but I can't remember it off hand.Let me know if you need it and I'll find the command again.<{POST_SNAPBACK}>For some reason I cannot find the 'everyone' group!?How do I check if that is setup properly... I may need that command to fix any imperfections I may have made.Thank You!
At0mic Posted August 30, 2005 Posted August 30, 2005 (edited) Its a bit of a security risk giving everyone rights to log locally onto a server. At work I made a new group called "TS Users" and I allowed this new group to "logon locally" in "local security policy". Then I just added whoever needed access to the "TS Users" group.Of course, if this is your server at home then security may not be as big a issue as it would be in a corporate network Edited August 30, 2005 by At0mic
coppermine18 Posted August 30, 2005 Author Posted August 30, 2005 Its a bit of a security risk giving everyone rights to log locally onto a server. At work I made a new group called "TS Users" and I allowed this new group to "logon locally" in "local security policy". Then I just added whoever needed access to the "TS Users" group.Of course, if this is your server at home then security may not be as big a issue as it would be in a corporate network<{POST_SNAPBACK}>On windows 2000 when I creat the group is it 'global'???I am not sure on some of these options, I tried that and no luck
coppermine18 Posted August 30, 2005 Author Posted August 30, 2005 Ok, new update... it seems that when I look the 'local policy' box is checked, but the 'effective policy' box is not checked and greyed out.I am assuming that this means that it is not enforced.How do I set it so that it is enforced if this is the issue?
x243 Posted August 30, 2005 Posted August 30, 2005 (edited) Why do you keep trying to do something that SBS 2003 was not designed to do? I posted the answer to your question in your previous thread along with the answer to your previous question. I don't know what part of "Windows 2003 SBS will only run in Remote Administration Mode and is limited to 2 simultaneous terminal services sessions by System Administrators only" doesn't make sense. This limitation is placed at the kernel level, and any attempts to circumvent it result in the kernel changing the settings back they way they are supposed to be. Edited August 30, 2005 by x243
coppermine18 Posted August 31, 2005 Author Posted August 31, 2005 Why do you keep trying to do something that SBS 2003 was not designed to do? I posted the answer to your question in your previous thread along with the answer to your previous question. I don't know what part of "Windows 2003 SBS will only run in Remote Administration Mode and is limited to 2 simultaneous terminal services sessions by System Administrators only" doesn't make sense. This limitation is placed at the kernel level, and any attempts to circumvent it result in the kernel changing the settings back they way they are supposed to be.<{POST_SNAPBACK}>I am on a windows 2000 box now, not the 2003. I know that.
Hatefulsorrow Posted September 7, 2005 Posted September 7, 2005 (edited) Ok, new update... it seems that when I look the 'local policy' box is checked, but the 'effective policy' box is not checked and greyed out.I am assuming that this means that it is not enforced.How do I set it so that it is enforced if this is the issue?<{POST_SNAPBACK}>Ok you said that your user's are "Global"? You need to make them local. Global users are for roaming profiles and need to have a security policy taken from a server to work. Because you are setting up the server and not setting up a client the group needs to be local. You can then change the permissions for that user to allow for remote access if needed. Try that and get back to me. Edited September 7, 2005 by Hatefulsorrow
chilifrei64 Posted September 7, 2005 Posted September 7, 2005 Create a new group policy and name it accordingly (TS_Access)Under Group Policy Management, navigate to: Computer Configuration-> Windows Settings-> Security Settings-> Local Policies-> User Rights Assignments-> Allow Log on through Terminal Services. Select your user groups or users which you want to have access Hit OKApply the Group Policy to the OU that that the server is in By default it is going to be applied to Authenticated Users. Doing something simple like this wont be much of a problem but i Would create a group for the users (can be Domain local or global) That wont matter in your situation. and add the users you want to that group.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now