"Not all privileges or groups referenced are assigned to the caller." when connecting to Windows 7 Telnet

Question

I'm trying to configure telnet server in windows 7.

When I try make a telnet connection from another machine within the LAN, and I log in with the username and password of a administrator account, I get a "Not all privileges or groups referenced are assigned to the caller." error.

I'm sure I missed out something but I'm not sure where it is!

Answer 1

It sounds like you're running the Telnet Server as NetworkService.

As per - http://technet.microsoft.com/en-us/library/cc770898

Your token will be filtered of administrative privileges based on:

• Whether you are using a local or domain administrative account
• The value of the LocalAccountTokenFilterPolicy registry key
• Whether the telnet service is running as LocalSystem or NetworkService

If you're running the telnet server as NetworkService, you will not be able to keep any administrative privs in your token.

You need to run the service as LocalSystem. If you're using a local account, you will also need that registry key to be set to a value of 1.

The registry key doesn't matter if you're using a domain account.

Answer 2

This sounds like a UAC thing.

I'm assuming you can probably logon just fine, it's just that you can't perform privileged operations - because your logon session isn't elevated. This is only a problem when you are logging on with a local account. If you telnet using a domain account which has admin privs, you should be OK.

In order to allow elevation for remote logon sessions with local accounts, you need to set a registry key, as described at The Vista Compatibility Team Blog.

The key is:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system
LocalAccountTokenFilterPolicy = 1 (DWORD)

I think you will need to reboot before it starts working.