This article was previously published under Q187166
This article has been archived. It is offered "as is" and will no longer be updated.
The only time the Log on Locally right is not granted by default to everyone, is when Terminal Server is installed as a BDC.
If the Terminal Server is installed as a PDC or Member Server in a domain, or if it is installed as a standalone server in a workgroup, the Everyone group gets Log on Locally rights by default.
If a Terminal Server is installed in the domain as a backup domain controller (BDC), it will inherit the domain user rights from an existing Windows NT primary domain controller (PDC). Because of this, domain users will not have the right to log on locally. The affect is to deny everyone, except administrators, the right to connect through the Terminal Server Client.
If users do not have the right to log on locally to the Terminal Server, they receive the following message:
The local policy of this system does not permit you to log on interactively.