1

LogMeIn support can't help me, maybe someone here can.

I have a user on a Windows Server 2003 (non administrator). When I first created him and tried to connect through remote desktop I got the error 

The local policy of the system does not permit you to logon interactively.

I looked up the error and saw that this user was not a member of the Remote Desktop Users group. I added him to the group and was able to remote desktop in just fine. Then I tried to connect this user to the server through LogMeIn (Pro trial version). I got the same error as when the user was not a part of the Remote Desktop Users group.

Can anyone tell me any other groups the user must be a member of in order to be allowed access through LogMeIn? I would imagine this is a common requirement - LogMeIn support seemed to have no idea.

studiohack
  • 305
  • 6
  • 17
Jeff
  • 277
  • 3
  • 14
  • You can add the user to the group: Remote Desktop Users and then, he will be able to log in thru RDP. – r0ca Feb 04 '10 at 19:42

1 Answers1

0

you must change this local policy (gpedit.msc) (or through GPO):

Computer \windows settings\ security settings \ local policies\ User Rights Assignements:

Allow log on locally

Add the user to the list of this right

Mathieu Chateau
  • 3,185
  • 16
  • 10
  • I get an ominous warning that modifying this setting may affect compatibility with clients, service... Also, the 'Add User or Group' and 'Remove' buttons are disabled. – Jeff Feb 04 '10 at 19:33
  • Is it a SBS2003 or Windows 2003 SRV – r0ca Feb 04 '10 at 19:43
  • yes, sbs with SP1. I need to update this. – Jeff Feb 04 '10 at 19:45
  • I was just thinking, the reason for all this is for some remote users to run a client/server app from the server. I suppose it may be better to set up an XP machine on the same LAN as the server and just let them run the app from there. I suppose these issues will go away if they're connecting to an XP machine instead of directly to the server. – Jeff Feb 04 '10 at 19:49
  • it's a domain controller, must be done through gpo – Mathieu Chateau Feb 04 '10 at 20:13
  • I noticed that 6 groups are already showing up in the 'allow log on locally' group; Account Operators, Administrators, Backup Operators, IUSR_servername, Print Operators, and Server Operators. Can I just make my users a part of one of these groups? Which would be the one least likely to cause trouble, Print Operators? – Jeff Feb 04 '10 at 20:28
  • Define "Cause trouble". I hate to say it but this is a quite simple equation: If you do not trust someone enough to give them admin rights in the first place then you really need to think twice about letting them log on to your domain controller interactively. – Rob Moir May 31 '10 at 07:24