The local policy of this system does not permit you to logon interactively

If you get this message when trying to access a XP (or 2000 server) system via remote desktop, try the following …

On the remote system, click Start, then Run, type “secpol.msc”, and press enter.

Navigate to “Local Policies”, then select “User Rights Assignment”.

In the list find “Allow logon through Terminal Services” and make sure that “Administrators” and “Remote Desktop Users” are in the list. If they aren’t, click “Add User or Group”, and add the user. Then click “Apply”.

You should be able to access the system remotely.


Skip to comment form

    • Dave Moehrke on 12 Jul 2005 at 12:15 pm

    Exactly. Thank you SO much!!

    • Kev Saunders on 06 Jul 2005 at 8:54 pm

    Just what I needed… Cheers

    • ErikaT on 10 Jun 2005 at 12:51 pm

    I’m having this problem when I try to use remote desktop, but I don’t have either of the settings that are mentioned above. (That is, Admin and Remote Users are allowed for logon, and only ASPNET is denied terminal services.) Any other ideas?


    • Dick B. on 07 Jun 2005 at 10:28 am

    This same error occurs if Terminal Services access is attempted from a Windows client that has lost its join to a Windows 2000 SBS network with SBS 2000 running Terminal Services in application mode. The Active Directory computer entry looks OK, but you won’t be able to access the client. Rejoining client computer to network fixes this case just fine.

    • Frank Pauli on 01 May 2005 at 12:14 pm

    I was not able to access a Windows 2003 Server and I checked the security policy, but it was properly set to allow administrators. Then I noticed the Deny Logon through Terminal Services key and it was set to block Administrators. Deny takes presidence, so when I removed the deny, everything worked fine. Thanks for the help.

    • Steven on 19 Apr 2005 at 12:34 am

    FINALLY… an actual SOLUTION! Thanks!

    • arun karthick on 13 Apr 2005 at 5:54 am

    Good job… Thanks

    • Mark on 11 Apr 2005 at 1:06 pm

    Argh.. I’m not able to log in either… re-install? sob.

    • Chris on 03 Apr 2005 at 3:54 pm

    Thank you very much.. Spot On.. Solved my Problem.

    • david on 02 Apr 2005 at 1:53 pm

    Doubtful, Romal. Keep in mind the error I found the solution for was a Remote Desktop login, not a local login.

    • Romal on 29 Mar 2005 at 10:23 am

    I have the same problem but on a single computer not on a network running win server 2003. Barring a complete re-install is their any other way I can resolve this error.

    • zillah on 27 Mar 2005 at 5:26 am

    Thanks for that, It solved my problem

    • Chris on 10 Mar 2005 at 11:54 am

    Thanks, David, worked a trick!

    • Phil on 23 Feb 2005 at 8:18 am

    Me too ! I was stuck for ages on this problem. Some machines would be fine to connect to and some others were impenetrable ! Nobody from IS could resolve that and MS technote 289289 is of course not solving anything at all ! Thanks a lot !!!

    • Slayer on 21 Feb 2005 at 9:50 pm

    Thanks for the tip. Worked perfectly.

    • david on 11 Jun 2004 at 8:47 am

    Re-install? Seriously, if you can’t logon, the best thing you can do as far as I know is to re-install windows and hope you haven’t encrypted any data on your drive.

    • Eze on 28 May 2004 at 8:15 pm

    So what do I do if i cannot log on windows in any way whatsoever?
    How change user rights?

Comments have been disabled.