R
Romulo A. Ceccon
Hi,
I'm experiencing a strange problem in a machine where I have just
installed Windows XP. This machine is part of a domain and the user who
is going to use it is a member of the "Standard Users" (not "Power
users") group on the machine and also a member of the "Domain users"
group on the domain.
In order to avoid wasting time setting up the machine I have enabled
Terminal Services on it as soon as the network got alive, so I could
install and configure all the needed stuff without leaving my room.
Before using Remote Desktop I made a test and the user could properly
perform a local logon. Then I connected through RD from my machine
using the domain admin account. Everything worked. Service Pack 2 and
every software needed was installed remotely. And some reboots were
also done remotely without any problem.
When I asked the user to logon locally and start working he received
the message: "Your interactive logon privilege has been disabled." I
went back to that machine, logged on as the domain admin, openned the
"Local security policies" snap-in and ensured the group "Standard user"
(the group the user belongs to) had local logon privilege. Then I
logged off and tried to logon as that user. It worked even without
rebooting nor changing any security setting.
Afterwards I had to do some other things and logged again as the domain
admin through RD. Thereon the problem was back. Logging in locally as
the domain admin solved it.
Thus, the problem is easily reproduceable. After logging on through RD
using the domain admin account the only way to make the user logon
again is to perform a local logon using also the domain admin account.
What's happening?
I intend to leave TS enabled on that machine in order to solve any
problem remotely. This way, after setting up everything, I just call
the user back and say "It's done!", without moving from my chair. Is
this a known (and fixable) problem or I'll always need to stay in front
of that computer?
Thanks in advance.
I'm experiencing a strange problem in a machine where I have just
installed Windows XP. This machine is part of a domain and the user who
is going to use it is a member of the "Standard Users" (not "Power
users") group on the machine and also a member of the "Domain users"
group on the domain.
In order to avoid wasting time setting up the machine I have enabled
Terminal Services on it as soon as the network got alive, so I could
install and configure all the needed stuff without leaving my room.
Before using Remote Desktop I made a test and the user could properly
perform a local logon. Then I connected through RD from my machine
using the domain admin account. Everything worked. Service Pack 2 and
every software needed was installed remotely. And some reboots were
also done remotely without any problem.
When I asked the user to logon locally and start working he received
the message: "Your interactive logon privilege has been disabled." I
went back to that machine, logged on as the domain admin, openned the
"Local security policies" snap-in and ensured the group "Standard user"
(the group the user belongs to) had local logon privilege. Then I
logged off and tried to logon as that user. It worked even without
rebooting nor changing any security setting.
Afterwards I had to do some other things and logged again as the domain
admin through RD. Thereon the problem was back. Logging in locally as
the domain admin solved it.
Thus, the problem is easily reproduceable. After logging on through RD
using the domain admin account the only way to make the user logon
again is to perform a local logon using also the domain admin account.
What's happening?
I intend to leave TS enabled on that machine in order to solve any
problem remotely. This way, after setting up everything, I just call
the user back and say "It's done!", without moving from my chair. Is
this a known (and fixable) problem or I'll always need to stay in front
of that computer?
Thanks in advance.