Users Cannot Connect Without Logon Local Permissions

Support for Windows Server 2003 ended on July 14, 2015

Microsoft ended support for Windows Server 2003 on July 14, 2015. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

This article was previously published under Q187166
This article has been archived. It is offered "as is" and will no longer be updated.
SUMMARY
MORE INFORMATION
The only time the Log on Locally right is not granted by default to everyone, is when Terminal Server is installed as a BDC.

If the Terminal Server is installed as a PDC or Member Server in a domain, or if it is installed as a standalone server in a workgroup, the Everyone group gets Log on Locally rights by default.
SYMPTOMS
If a Terminal Server is installed in the domain as a backup domain controller (BDC), it will inherit the domain user rights from an existing Windows NT primary domain controller (PDC). Because of this, domain users will not have the right to log on locally. The affect is to deny everyone, except administrators, the right to connect through the Terminal Server Client.

If users do not have the right to log on locally to the Terminal Server, they receive the following message:
The local policy of this system does not permit you to log on interactively.
CAUSE
This behavior is by design.
Properties

Article ID: 187166 - Last Review: 01/07/2015 07:00:09 - Revision: 1.5

  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows NT Server 4.0, Terminal Server Edition
  • kbnosurvey kbarchive kbbug kbnofix KB187166
Feedback