Can't log on locally to remote computer after remote desktops acce

[Guest]

Two XP Pro machines with all updates. User locally logged onto machine A
using his AD logon. He logs off. From machine B I use Remote Desktops to
log on to machine A as the domain administrator. I log off, which causes a
disconnect. The user trys to locally log onto machine A and gets "Your
interactive logon privilege has been disabled. Please contact your system
administrator.". Local user does a restart and can log on OK. This is
repeatable and happens with multiple instances of Machine A. If, instead of
doing a log off, I do a restart when I am finished with the remote access,
the user can log on locally. But either way, once I have logged on through
Remote Desktops, the machine must be rebooted (restarted) to allow a local
user to log on.

Is this a bug or design? If a bug, what to do to fix it? If design.......?

 

[palironsat]

Two XP Pro machines with all updates. User locally logged
onto machine A
using his AD logon. He logs off. From machine B I use Remote
Desktops to
log on to machine A as the domain administrator. I log off,
which causes a
disconnect. The user trys to locally log onto machine A and
gets "Your
interactive logon privilege has been disabled. Please contact
your system
administrator.". Local user does a restart and can log on OK.
This is
repeatable and happens with multiple instances of Machine A.
If, instead of
doing a log off, I do a restart when I am finished with the
remote access,
the user can log on locally. But either way, once I have
logged on through
Remote Desktops, the machine must be rebooted (restarted) to
allow a local
user to log on.

Is this a bug or design? If a bug, what to do to fix it? If
design.......?

Sorry to have nothing to contribute, but I’m having the same issue.
Any help would be appreciated.

 

[chadp]

Check the properties of the AD acct that cannot logon locally to the
machine. On the Terminal Services Profile tab, enable the "Allow logon
to terminal server" option. It appears that the computer gets "stuck"
in terminal services mode after a Remote Desktop user logs off. When a
domain user w/o the rights to logon via terminal services subsequently
tries to logon locally, they are denied access.

-Chad

 

[Guest]

Chad... I will test that out shortly. I did check and found that most of
the people were prohibited from logging onto terminal services.

The bigger questions is "Why does it get stuck in TS mode?". I have not
found any MS info talking about this subject.

Thanks......... Carl

 

[dewaltd]

I have seen the same "BUG". Here's the scenario:

User A is logged into her XP Pro SP2 Dell Desktop. She request
software to be installed and I use RDC to logon to her compute
remotely using the administrator account to complete the request.
log off and then she tries to logon locally JUST AS SHE WAS PRIOR TO M
REMOTE LOGIN, and she gets the "Your logon privilege has been disabled
error message. This error message is for TERMINAL SERVICES LOGONS bu
NOT FOR LOCAL LOGONS. So...why are we getting this message?

THe work-around above "allow logon to terminal server" in the AD User
and Computers app masks the bug. It appears that once a remote logi
takes place using RDC that the subsequent LOCAL logins use the REMOT
DESKTOP CONNECTION login. You can reboot the computer and it will the
allow a local login without changing the "allow logon to termina
server" setting in AD Users and Computers. Has anyone found a "fix" fo
this?

David

*Check the properties of the AD acct that cannot logon locally to th
machine. On the Terminal Services Profile tab, enable the "Allow logo
to terminal server" option. It appears that the computer gets "stuck
in terminal services mode after a Remote Desktop user logs off. Whe
a domain user w/o the rights to logon via terminal service
subsequently tries to logon locally, they are denied access.

-Chad

-
dewalt

 

[Guest]

I still don't see a fix for this issue. Another bit of information - I am
able to log on at the console as a domain admin when the problem appears. If
I then log off, the non-admin user is able to log on without encountering the
error.

The problem we have is that we do not want to enable Terminal Services logon
in AD, as we are using it to restrict non-TS users from logging on to our TS.
So that workaround does not work for us.

Another question: Is there any way to apply the TS restrictions in AD to
just the Terminal Server, as opposed to having it affect everyone who uses
RDP to come into an XP host? We use TS and XP RDP hosts for different
purposes, and we would like to restrict who logs onto the TS. Right now,
when we disable a user's TS logon privilege in AD, it also prevents them from
loggin onto an XP RDP host.

 

[Ken Zhao [MSFT]]

Hello,

It seems you are replying another post this newsgroup. If you have any
questions, please feel free to submit your question.

Thanks & Regards,

Ken Zhao

Microsoft Online Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.




--------------------
| Thread-Topic: Can't log on locally to remote computer after remote
desktops
| thread-index: AcekYtb1GvyZcJZGRYmRoe8nhHXUBg==
| X-WBNR-Posting-Host: 207.46.19.197
| From: =?Utf-8?B?R2xlbiBNYXJ0aW4=?= <[email protected]>
| References: <[email protected]>
<[email protected]> <[email protected]>
| Subject: Re: Can't log on locally to remote computer after remote desktops
| Date: Fri, 1 Jun 2007 08:38:02 -0700
| Lines: 61
| Message-ID: <[email protected]>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
| Newsgroups: microsoft.public.windowsxp.work_remotely
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windowsxp.work_remotely:1646
| NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
| X-Tomcat-NG: microsoft.public.windowsxp.work_remotely
|
| I still don't see a fix for this issue. Another bit of information - I
am
| able to log on at the console as a domain admin when the problem appears.
If
| I then log off, the non-admin user is able to log on without encountering
the
| error.
|
| The problem we have is that we do not want to enable Terminal Services
logon
| in AD, as we are using it to restrict non-TS users from logging on to our
TS.
| So that workaround does not work for us.
|
| Another question: Is there any way to apply the TS restrictions in AD to
| just the Terminal Server, as opposed to having it affect everyone who
uses
| RDP to come into an XP host? We use TS and XP RDP hosts for different
| purposes, and we would like to restrict who logs onto the TS. Right now,
| when we disable a user's TS logon privilege in AD, it also prevents them
from
| loggin onto an XP RDP host.
|
| "dewaltd" wrote:
|
| >
| > I have seen the same "BUG". Here's the scenario:
| >
| > User A is logged into her XP Pro SP2 Dell Desktop. She requests
| > software to be installed and I use RDC to logon to her computer
| > remotely using the administrator account to complete the request. I
| > log off and then she tries to logon locally JUST AS SHE WAS PRIOR TO MY
| > REMOTE LOGIN, and she gets the "Your logon privilege has been disabled"
| > error message. This error message is for TERMINAL SERVICES LOGONS but
| > NOT FOR LOCAL LOGONS. So...why are we getting this message?
| >
| > THe work-around above "allow logon to terminal server" in the AD Users
| > and Computers app masks the bug. It appears that once a remote login
| > takes place using RDC that the subsequent LOCAL logins use the REMOTE
| > DESKTOP CONNECTION login. You can reboot the computer and it will then
| > allow a local login without changing the "allow logon to terminal
| > server" setting in AD Users and Computers. Has anyone found a "fix" for
| > this?
| >
| > David
| >
| >
| >
| > chadp wrote:
| > > *Check the properties of the AD acct that cannot logon locally to the
| > > machine. On the Terminal Services Profile tab, enable the "Allow logon
| > > to terminal server" option. It appears that the computer gets "stuck"
| > > in terminal services mode after a Remote Desktop user logs off. When
| > > a domain user w/o the rights to logon via terminal services
| > > subsequently tries to logon locally, they are denied access.
| > >
| > > -Chad *
| >
| >
| >
| > --
| > dewaltd
| > ------------------------------------------------------------------------
|
| > ------------------------------------------------------------------------
| > View this thread: http://www.mcse.ms/message1473930.html
| >
| >
|