Random Ramblings of a Neo-Post-Modern Geek (I have no idea what that means)
The local policy of this system does not permit you to logon interactively

If you get this message when trying to access a XP (or 2000 server) system via remote desktop, try the following …
On the remote system, click Start, then Run, type “secpol.msc”, and press enter.
Navigate to “Local Policies”, then select “User Rights Assignment”.
In the list find “Allow logon through Terminal Services” and make sure that “Administrators” and “Remote Desktop Users” are in the list. If they aren’t, click “Add User or Group”, and add the user. Then click “Apply”.
You should be able to access the system remotely.
Popularity: 85%
| Print article | This entry was posted by david on 16 February 2004 at 10:40 am, and is filed under Technical Tidbits. Follow any responses to this post through RSS 2.0. Both comments and pings are currently closed. |
Comments are closed.

about 5 years ago
Exactly. Thank you SO much!!
about 5 years ago
Just what I needed… Cheers
about 5 years ago
I’m having this problem when I try to use remote desktop, but I don’t have either of the settings that are mentioned above. (That is, Admin and Remote Users are allowed for logon, and only ASPNET is denied terminal services.) Any other ideas?
Thanks,
ET
about 5 years ago
This same error occurs if Terminal Services access is attempted from a Windows client that has lost its join to a Windows 2000 SBS network with SBS 2000 running Terminal Services in application mode. The Active Directory computer entry looks OK, but you won’t be able to access the client. Rejoining client computer to network fixes this case just fine.
about 5 years ago
I was not able to access a Windows 2003 Server and I checked the security policy, but it was properly set to allow administrators. Then I noticed the Deny Logon through Terminal Services key and it was set to block Administrators. Deny takes presidence, so when I removed the deny, everything worked fine. Thanks for the help.
about 5 years ago
FINALLY… an actual SOLUTION! Thanks!
about 5 years ago
Good job… Thanks
about 5 years ago
Argh.. I’m not able to log in either… re-install? sob.
about 5 years ago
Thank you very much.. Spot On.. Solved my Problem.
about 5 years ago
Doubtful, Romal. Keep in mind the error I found the solution for was a Remote Desktop login, not a local login.
about 5 years ago
I have the same problem but on a single computer not on a network running win server 2003. Barring a complete re-install is their any other way I can resolve this error.
about 5 years ago
Thanks for that, It solved my problem
about 5 years ago
Thanks, David, worked a trick!
about 5 years ago
Me too ! I was stuck for ages on this problem. Some machines would be fine to connect to and some others were impenetrable ! Nobody from IS could resolve that and MS technote 289289 is of course not solving anything at all ! Thanks a lot !!!
about 5 years ago
Thanks for the tip. Worked perfectly.
about 6 years ago
Re-install? Seriously, if you can’t logon, the best thing you can do as far as I know is to re-install windows and hope you haven’t encrypted any data on your drive.
about 6 years ago
So what do I do if i cannot log on windows in any way whatsoever?
How change user rights?