Interactive Logon

By HH76
I have one computer on my network that, after I connect with Remote Desktop and then log off as Administrator, the user is unable to log on until after I log back on and restart the computer. When they attempt to log on they get the following error message:

"Interactive log on privilege has been disabled."

Everything that I have found on the web thus far deals with not being able to log in remotely. Any suggestions would be greatly appreciated.

This conversation is currently closed to new comments.

All Answers

Question

by gstamant In reply to Interactive Logon

Just wanted to know if you found anything about this error. I am currently having the same issue. I have found if you uncheck "Deny this user permissions to log on to any Terminal server", under AD user manager, Terminal Services Profile tab, it is a workaround but not a fix.

Updates

by ecottrell In reply to Interactive Logon

Any updates on this issue? We are experiencing the same situation when remoting into a workstation. For now we are simply rebooting the remote system before disconnecting/logging off, but I would like to see if there is something else we could do to correct it.

Your interactive logon privilege has been disabled

This might work for you. (Might not).

SYMPTOMS
When you try to establish a terminal server session to a Windows 2000 Terminal Server, you may receive the following error message:

Your interactive logon privilege has been disabled. Please contact your system administrator.

NOTE: This problem may occur more frequently when the Windows 2000 Terminal Server is a member of a Microsoft Windows NT 4.0-based domain.

This problem may occur from a client computer that is running Windows NT 4.0, Microsoft Windows 98/95, or Windows 2000. Some domain users in the same domain may be able to successfully establish a Terminal Server session with the Terminal Server, while other users may receive the preceding error message when they try to connect to the same server. Also, events that relate to this problem may not be recorded in the event logs of the server or the client computer.

CAUSE
This problem can occur for either of the following reasons:

Problem Affects All Users or Groups of Users
If the problem affects all users and/or one or more groups of users, the problem may be related to their group's access rights.

Problem Does Not Affect All Users or Groups of Users
If the problem only affects some users but not all of them, the problem may be related to their individual "Allow Logon to Terminal Server" right.

RESOLUTION
To resolve this problem, use the appropriate method:

Windows 2000 Terminal Server Is Installed in a Windows NT 4.0 Domain
For a Windows 2000 Terminal Server in a Windows NT 4.0 domain that appears to be affecting only some, but not all users, the affected users need to have the "Allow Logon to Terminal Server" permission enabled. To enable this feature, click the Configuration button in the appropriate user properties to view and then click to select the Allow Logon to Terminal Server check box.

NOTE: You can view the Configuration button through User Manager on the Windows 2000 Terminal Server or by copying the appropriate files to a Windows NT 4.0 Server.

Start User Manager on the Windows 2000 Terminal Server. To do so, click Start, click Run, type usrmgr.exe in the Open box, and then press ENTER. Click the TS Config button from the user's properties.

NOTE: To view this button and check box on a Windows NT 4.0 Server, you may need to copy the following files from a Windows NT 4.0, Terminal Server Edition server (located in the WTSRV\System32 folder), or from the Windows NT 4.0, Terminal Server Edition CD-ROM, into the Winnt\System32 folder. Note that you can rename the existing file before you copy these new files.
- Usermgr.exe
- Utildll.dll
- Winsta.dll
- Regapi.dll

IMPORTANT: If you take these files from the Windows NT 4.0, Terminal Server Edition CD-ROM, you must first expand these files because they appear with an underscore character (_) in place of the last letter in the file extension. As an example of how to do so, type expand utildll.dl_ utildll.dll at a command prompt for the file Utildll.dl_, and then press ENTER.

These files run Terminal Server User Manager for Domains on that domain controller (DC), and you can then click the Configuration button to view the Allow logon to terminal server check box. Note that these features are only available on the primary domain controller (PDC) or backup domain controller (BDC) where these files were copied to, and not on any other DCs.

Windows 2000 Terminal Server Is Installed in a Windows 2000 Domain
For a Windows 2000 Terminal Server that is located in a Windows 2000 domain, a Terminal Services Profile tab is already available in the user's properties in Active Directory Users and Computers. To view this, click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers. To view the properties of a user, either double-click the user, or right-click the user and then click Properties.

If all users or entire groups of users are affected, the problem may be located in other areas that relate to those specific users' rights. Other areas to check include:

- Verify that the RDP-Tcp connection object has granted the necessary users and/or groups "User Access" to the Terminal Server. To do so, start Terminal Services Configuration manager by clicking Start, pointing to Programs, pointing to Administrative Tools, clicking TS Configuration, and then clicking Connections. In the right-side pane, right-click the RDP-Tcp connection and then click Properties. Click the Permissions tab, and then verify that the affected users/groups have been granted at least "User Access".
- Verify that the local policy of the computer grants these users and/or groups both of the "Access this computer from the network" and "Logon locally" rights. To do so, view the Local Security Policy by clicking Start, pointing to Programs, pointing to Administrative Tools, and then clicking Local Security Policy. Double-click the Local Policy branch to expand it, and then click User rights assignment. Double-click Access this computer from the network and Logon locally to verify that the affected users and/or groups have been granted the appropriate permission.

http://support.microsoft.com/kb/265382

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

Please post back if you have any more problems or questions.
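
The user-rights check described in the quoted article, as an added example that is not part of the original posts or the Microsoft article: it parses the [Privilege Rights] section of a secedit export and reports whether the SIDs in a user's token hold "Access this computer from the network" (SeNetworkLogonRight) and "Logon locally" (SeInteractiveLogonRight). It goes one step beyond the article by also checking the matching deny rights; the sample export, the token SIDs, the file path and the function names are constructed for illustration.

```powershell
# Added example, not from the thread or the KB article. Constructed sample of
# a secedit export; on a real host create one from an elevated prompt with
#   secedit /export /cfg C:\Temp\rights.inf /areas USER_RIGHTS   (hypothetical path)
$SampleInf = @'
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544,*S-1-5-32-545
SeInteractiveLogonRight = *S-1-5-32-544
SeDenyInteractiveLogonRight = *S-1-5-32-546
[Version]
'@ -split "`r?`n"

# Parse the [Privilege Rights] section into a table: right name -> SIDs/names.
function Get-PrivilegeRights {
    param([string[]]$Lines)
    $rights = @{}; $inSection = $false
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -match '^\[(.+)\]$') {
            $inSection = $Matches[1] -eq 'Privilege Rights'
        } elseif ($inSection -and $text -match '^(\w+)\s*=\s*(.*)$') {
            # SIDs carry a leading '*'; account names that secedit wrote as text do not.
            $rights[$Matches[1]] = @($Matches[2] -split ',' |
                ForEach-Object { $_.Trim().TrimStart('*') } | Where-Object { $_ })
        }
    }
    $rights
}

# For the SIDs in a user's token, report whether each right is granted and
# whether the matching deny right overrides it. Matching is by SID only.
function Test-LogonRights {
    param([hashtable]$Rights, [string[]]$TokenSids)
    $pairs = [ordered]@{ SeNetworkLogonRight = 'SeDenyNetworkLogonRight'
                         SeInteractiveLogonRight = 'SeDenyInteractiveLogonRight' }
    foreach ($allow in $pairs.Keys) {
        $via    = @($Rights[$allow]         | Where-Object { $TokenSids -contains $_ })
        $denied = @($Rights[$pairs[$allow]] | Where-Object { $TokenSids -contains $_ })
        [pscustomobject]@{
            Right     = $allow;          GrantedBy = $via -join ','
            DeniedBy  = $denied -join ','
            Effective = ($via.Count -gt 0) -and ($denied.Count -eq 0)
        }
    }
}

# Constructed token: a non-administrator who is in Everyone and BUILTIN\Users.
Test-LogonRights (Get-PrivilegeRights $SampleInf) 'S-1-1-0', 'S-1-5-32-545'
```

To audit a real machine, pass `(Get-Content C:\Temp\rights.inf)` to `Get-PrivilegeRights` and supply the SIDs of the affected user and their groups; any row where `Effective` is false names the right to correct in User rights assignment.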
