The local policy of this system does not permit you to logon interactively

If you get this message when trying to access a XP (or 2000 server) system via remote desktop, try the following …

On the remote system, click Start, then Run, type “secpol.msc”, and press enter.

Navigate to “Local Policies”, then select “User Rights Assignment”.

In the list find “Allow logon through Terminal Services” and make sure that “Administrators” and “Remote Desktop Users” are in the list. If they aren’t, click “Add User or Group”, and add the user. Then click “Apply”.

You should be able to access the system remotely.

17 thoughts on “The local policy of this system does not permit you to logon interactively

  1. Eze

    So what do I do if i cannot log on windows in any way whatsoever?
    How change user rights?

  2. david

    Re-install? Seriously, if you can’t logon, the best thing you can do as far as I know is to re-install windows and hope you haven’t encrypted any data on your drive.

  3. Phil

    Me too ! I was stuck for ages on this problem. Some machines would be fine to connect to and some others were impenetrable ! Nobody from IS could resolve that and MS technote 289289 is of course not solving anything at all ! Thanks a lot !!!

  4. Romal

    I have the same problem but on a single computer not on a network running win server 2003. Barring a complete re-install is their any other way I can resolve this error.

  5. david

    Doubtful, Romal. Keep in mind the error I found the solution for was a Remote Desktop login, not a local login.

  6. Frank Pauli

    I was not able to access a Windows 2003 Server and I checked the security policy, but it was properly set to allow administrators. Then I noticed the Deny Logon through Terminal Services key and it was set to block Administrators. Deny takes presidence, so when I removed the deny, everything worked fine. Thanks for the help.

  7. Dick B.

    This same error occurs if Terminal Services access is attempted from a Windows client that has lost its join to a Windows 2000 SBS network with SBS 2000 running Terminal Services in application mode. The Active Directory computer entry looks OK, but you won’t be able to access the client. Rejoining client computer to network fixes this case just fine.

  8. ErikaT

    I’m having this problem when I try to use remote desktop, but I don’t have either of the settings that are mentioned above. (That is, Admin and Remote Users are allowed for logon, and only ASPNET is denied terminal services.) Any other ideas?


Comments are closed.