Remote desktop connection "The local policy of this system does not permit you to logon interactively"
This article was previously published under Q289289
If you are not an administrator and try to use the Remote Desktop Connection tool, you may receive the following error message:
The local policy of this system does not permit you to logon interactively.
This issue occurs because the user account is not a member of the local Remote Desktop Users group.
To have us resolve this issue for you, go to the "Fix it for me" section. If you prefer to fix this problem yourself, go to the "Let me fix it myself" section.
Fix it for me
To fix this problem automatically, click the Fix it button or link. Click Run in the File Download dialog box, and follow the steps in the Fix it wizard.
- Type the user account in the Users box during the installation of the Fix it solution.
- To add a domain user account to the local Remote Desktop Users group, use the following format:
- To add a local user account to the local Remote Desktop Users group, use the following format:
Username or .\Username
- To add multiple user accounts to the local Remote Desktop Users group,use the semicolon(;) character as the separator.For example:
- This wizard may be in English only. However, the automatic fix also works for other language versions of Windows.
- If you are not using the computer that has the problem, save the Fix it solution to a flash drive or a CD and then run it on the computer that has the problem.
Then, go to the "Did this fix the problem?" section.
Let me fix it myselfTo resolve this issue, add allowed users to the Remote Desktop Users list:
- Click Start, point to Settings, and then click Control Panel.
- Double-click System, and then on the Remote tab, click Select Remote Users.
- Click Add type in the user account name, and then click OK.
If you are adding more than one user name, use a semicolon to separate the names.
Also, make sure that the Remote Desktop Users group has sufficient permissions to log on through Terminal Services. To do this, follow these steps:
- Click Start, click Run, type secpol.msc, and then click OK.
- Expand Local Policies, and then click User Rights Assignment.
- In the right pane, double-click Allow logon through Terminal Services. Make sure that the Remote Desktop Users group is listed.
- Click OK.
- In the right pane, double-click Deny logon through Terminal Services. Make sure that the Remote Desktop Users group is not listed, and then click OK.
- Close the Local Security Settings snap-in.
Did this fix the problem?
- Check whether the problem is fixed. If the problem is fixed, you are finished with this section. If the problem is not fixed, you can contact support.
- We would appreciate your feedback. To provide feedback or to report any issues with this solution, please leave a comment on the "Fix it for me" blog or send us an email.
fixit fix it
Article ID: 289289 - Last Review: 05/22/2013 15:08:00 - Revision: 8.0
Microsoft Windows Server 2003, Datacenter Edition (32-bit x86), Microsoft Windows Server 2003, Enterprise Edition (32-bit x86), Microsoft Windows Server 2003, Standard Edition (32-bit x86), Microsoft Windows Server 2003, Web Edition, Microsoft Windows Server 2003, Enterprise x64 Edition, Microsoft Windows XP Professional
- kberrmsg kbnetwork kbprb kbfixme kbmsifixme KB289289