Re: The Policy of this system does not permit you to logon interactively

From: sfwasabi (sfwasabi.1raesc_at_)
Date: 06/27/05


Date: Mon, 27 Jun 2005 09:52:00 +0100


I just came across this problem and this is how I fixed it.

Background:
1) We installed a Windows 2003 server as a domain controller, created
user accounts for all the users on the network, and added all of the
computers to the network.
2) We then logged each computer on to the network using the username of
the person who usually utilized that computer.

We had some complaints and I attempted to connect to the user's
computer using Remote Desktop Connection and log on as that user.

I was given the message that you see above and was not able to log on.

Solution:
1) I then logged on as Administrator, right-clicked on 'My Computer',
clicked on the 'Remote' tab, clicked the 'Select Remote Users...'
button, and clicked on the 'Add...' button.

Here is where it gets a little tricky. By default the 'From this
location:' section appears grayed out and shows you the location of
your workstation. This location is ONLY for logging on to THIS computer
and NOT the network server. Adding users from this location will only
allow them to log on to this local machine, and not to the network
server.

2) a) If you want to allow the user to remotely connect to this
computer, and not the entire network, enter their username in the box
named: 'Enter the object names to select (examples):' and click the
'Check names' button. If you spelled the username correctly, Windows
will replace your username with the complete username in
'Domain\Username' format. Click OK at all the windows and this person
can now use Remote Desktop to connect to that computer, but not to the
entire network.

b) If you want to allow the user to remotely connect to this computer,
AND the entire network, click the 'Locations' button and highlight your
Domain Server (You may have to click the + sign to the left of 'Entire
Directory' to collapse your directory and show your Domain Server). The
Domain Server will have a name that looks like 'YourDomain.local' or
'YourDomain.com' or 'YourDomain.net', etc. Select your domain server
and click OK. Then enter their username in the box named: 'Enter the
object names to select (examples):' and click the 'Check names' button.
If you spelled the username correctly, Windows will replace your
username with the complete username in 'Domain\Username' format. Click
OK at all the windows and this person can now use Remote Desktop to
connect to that computer, AND the entire network.

3) You can follow steps 2a and 2b to allow a user to connect from
Remote Desktop to either their local computer or to their computer over
the network. The main difference is that when you have both a local
account and a network account, each account will have a different
desktop, different Outlook file, different My Documents folder, etc.

I hope this helps somebody. It took me a while to figure out that I was
adding a local user, but trying to connect to the network instead of the
local computer.

-- 
sfwasabi
Posted from http://www.pcreview.co.uk/ newsgroup access
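
The local-versus-domain distinction described in the post above can be checked from the command line. This is an added example, not part of the original post: it assumes the 'Select Remote Users...' dialog edits the machine's local "Remote Desktop Users" group and that Windows PowerShell 5.1 or later is available, which is newer than the systems in the post. The function names and the account `CONTOSO\jdoe` are hypothetical placeholders.

```powershell
# Added example (not from the original post). Requires Windows PowerShell 5.1+
# (Microsoft.PowerShell.LocalAccounts module), run elevated on the workstation.
# 'CONTOSO\jdoe' below is a placeholder account name.

function Get-RdpLogonAccount {
    # List who may log on through Remote Desktop on this machine and label each
    # entry as a local or a domain principal.
    [CmdletBinding()]
    param([string]$Group = 'Remote Desktop Users')

    foreach ($m in Get-LocalGroupMember -Group $Group -ErrorAction Stop) {
        # Name is 'COMPUTER\user' for local accounts, 'DOMAIN\user' for domain ones.
        $scope, $account = $m.Name -split '\\', 2
        [pscustomobject]@{
            Account     = $account
            Scope       = $scope
            Source      = $m.PrincipalSource   # may be empty on older Windows
            ObjectClass = $m.ObjectClass       # User or Group
            IsLocal     = ($scope -ieq $env:COMPUTERNAME)
        }
    }
}

function Add-RdpLogonAccount {
    # Add one account to the group, insisting on the 'SCOPE\name' form so a
    # local account is never added when the domain account was intended.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidatePattern('^[^\\]+\\[^\\]+$')]
        [string]$Member,
        [string]$Group = 'Remote Desktop Users'
    )
    $existing = Get-LocalGroupMember -Group $Group -ErrorAction Stop |
        Where-Object { $_.Name -ieq $Member }
    if ($existing) {
        Write-Verbose "$Member is already in '$Group'"
        return
    }
    if ($PSCmdlet.ShouldProcess($Group, "Add $Member")) {
        Add-LocalGroupMember -Group $Group -Member $Member -ErrorAction Stop
    }
}

# Review current membership, then preview the change before making it.
Get-RdpLogonAccount | Format-Table -AutoSize
Add-RdpLogonAccount -Member 'CONTOSO\jdoe' -WhatIf
```

Rows with `IsLocal` set to true are accounts that exist only on that workstation; drop `-WhatIf` to apply the change once the preview shows the intended account.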