Windows XP Sp2 - Unable to logon intecactively Remote dekstop

[Guest]

I recently upgraded my Windows 2000 Pro machine at home to Windows XP Pro
with SP2. I've used remote desktop at work and decided to enable it on my
upgraded system. Thought it would be nice to access all the applications on
it from my laptop.

I enabled remote desktop and then tried to connect. I received the logon
screen but when I entered the credentials I received an error that the local
policy does not permit me to logon interactively. I've tried my own account
( in the administrators' group ) and the administrator account. I then tried
creating a new account with the same results. I put the accounts in the
remote desktop users group also even though I shouldn't have to.

I don't see any explicit denies in any policies. I can log on to the XP
machine locally with all of the accounts I've tested.

I do not use the Windows firewall, I use the personal firewall piece of
Trend Micro's antivirus product. I don't think this is the issue since I get
the logon screen and the error points to policy. The security event viewer
shows the same error related to interactive logon.

Any suggestions would be appreciated.

 

[Shenan Stanley]

I recently upgraded my Windows 2000 Pro machine at home to Windows XP
Pro with SP2. I've used remote desktop at work and decided to enable
it on my upgraded system. Thought it would be nice to access all the
applications on it from my laptop.

I enabled remote desktop and then tried to connect. I received the
logon screen but when I entered the credentials I received an error
that the local policy does not permit me to logon interactively.
I've tried my own account ( in the administrators' group ) and the
administrator account. I then tried creating a new account with the
same results. I put the accounts in the remote desktop users group
also even though I shouldn't have to.

I don't see any explicit denies in any policies. I can log on to the
XP machine locally with all of the accounts I've tested.

I do not use the Windows firewall, I use the personal firewall piece
of Trend Micro's antivirus product. I don't think this is the issue
since I get the logon screen and the error points to policy. The
security event viewer shows the same error related to interactive
logon.

Any suggestions would be appreciated.

Start --> Run
gpedit.msc
Check:

Computer Configuration->Windows Settings->Local Policies->User Rights
Assignment->
- Access this computer from the network (Your group should be listed.)
- Deny logon locally (Your user/group should NOT be listed.)
- Deny logon through Terminal Services (Your user/group should NOT be
listed.)
- Log on Locally (Your group should be listed.)

 

[Guest]

Thanks for the response.

I had already looked at Policies; however, these are the current settings:

- Access this computer from the network (Your group should be listed.)

Administrators, ASPNET, Backup operators, everyone, power users, users

- Deny logon locally (Your user/group should NOT be listed.)

no entries

- Deny logon through Terminal Services (Your user/group should NOT be
listed.)

No entries

- Log on Locally (Your group should be listed.)

Administrators, backup operators, guest, power users, users

I originally had two entries in the deny logon locally policy and removed
them. The entries were ASPNET and support_388945a0. Both laptop and desktop
are in the same workgroup. My ID is in the administrators group.

I welcome any other suggestions.

Mike

 

[John]

Thanks for the response.

I had already looked at Policies; however, these are the current settings:

- Access this computer from the network (Your group should be listed.)

Administrators, ASPNET, Backup operators, everyone, power users, users

- Deny logon locally (Your user/group should NOT be listed.)

no entries

- Deny logon through Terminal Services (Your user/group should NOT be
listed.)

No entries

- Log on Locally (Your group should be listed.)

Administrators, backup operators, guest, power users, users

I originally had two entries in the deny logon locally policy and removed
them. The entries were ASPNET and support_388945a0. Both laptop and
desktop
are in the same workgroup. My ID is in the administrators group.

I welcome any other suggestions.

Mike

The user ID on the host computer can not have a blank password.
If it does, the connection will not be permitted.

John

 

[Guest]

Thanks John.

None of the accounts have blank passwords.

 

[Guest]

Well, I was able to get it to work.

Under user rights assignments, I found 'Allow logon through terminal
services' . Nothing was in it, so I added my user name. Remote desktop now
works. Must be a holdover right due to the upgrade from Windows 2000?

Mike

 

[Jeffrey Randow (MVP)]

Correct... Upgrades from Windows 2000 generally have this problem...

 

[Guest]

I have been searching for the answer to this problem for months. Nothing in
KB that I could find. Glad you solved your problem and helped me solve mine.


Jim Mathis