Log on to terminal server on W2k3 dc server

I.m having trouble to log on to terminal server in aplication mode wich is
instaled and activated on Windows server 2003 DC. I know that instaling a TS
on DC is not a good idea, but customer has requested to do so.
I have added users to "Remote desktop users" group and assign a "Log on
localy" right on Domain controler security policy, Domain security policy is
not definied. I even add a user, not group to logon localy policy on Domain
controler swcurity policy. In every case I get a error that log on policy
does not permit me to log on interactively. Where do I do wrong

Thank's in advance


Regards, Robert

thi smay help. quoted form http://www.ChicagoTech.net
"The local policy of this system does not permit you to logon
interactively."
Symptoms: When trying to connect to a W2K domain controller running Terminal
Services with Application Server mode for user access, you as a TS user may
receive "The local policy of this system does not permit you to logon
interactively" message. You may not receive this message if you logon with a
member of the following default groups:
a.. Account Operators
b.. Administrators
c.. Backup Operators
d.. Print Operators
e.. Server Operators
f.. Others based on services on the computer such as TsInternetUser
Also, you will not receive this message when you logon member and
stand-alone servers since they have the users group included in the "Log on
Locally" user right.

Resolutions:This issue occurs because the W2K domain controller running
Terminal Services does not have the Users, Authenticated Users, or Everyone
global group added to the Group Policy Object for the "Log on Locally" user
right. "Log on Locally" is a required user right in Microsoft Windows NT
4.0, Terminal Server Edition and Windows 2000 Terminal Services. To modify
the Group Policy Object for the domain controller, go to Administrative
Tools>Domain Controller Security Policy>Security Settings>Local
Policies>User Rights Assignment>Policy>Log on Locally>Add>Browse, click the
appropriate group, and then click Add. After modifying the Group Policy,
type secedit /refreshpolicy machine_policy /enforce at a command prompt,
press ENTER, and then press ENTER.

--
For more and other information, go to http://www.ChicagoTech.net

Don't send e-mail or reply to me except you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.

Robert Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
http://www.ChicagoTech.net
This posting is provided "AS IS" with no warranties.

"RobertM" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> I.m having trouble to log on to terminal server in aplication mode wich is
> instaled and activated on Windows server 2003 DC. I know that instaling a
> TS on DC is not a good idea, but customer has requested to do so.
> I have added users to "Remote desktop users" group and assign a "Log on
> localy" right on Domain controler security policy, Domain security policy
> is not definied. I even add a user, not group to logon localy policy on
> Domain controler swcurity policy. In every case I get a error that log on
> policy does not permit me to log on interactively. Where do I do wrong
>
> Thank's in advance
>
>
> Regards, Robert
>

I try to do as you say, but I still cant't log on thru terminal, but if I
log on on server console the log on is successful... :-(

"Robert L [MS-MVP]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> thi smay help. quoted form http://www.ChicagoTech.net
> "The local policy of this system does not permit you to logon
> interactively."
> Symptoms: When trying to connect to a W2K domain controller running
> Terminal Services with Application Server mode for user access, you as a
> TS user may receive "The local policy of this system does not permit you
> to logon interactively" message. You may not receive this message if you
> logon with a member of the following default groups:
> a.. Account Operators
> b.. Administrators
> c.. Backup Operators
> d.. Print Operators
> e.. Server Operators
> f.. Others based on services on the computer such as TsInternetUser
> Also, you will not receive this message when you logon member and
> stand-alone servers since they have the users group included in the "Log
> on Locally" user right.
>
> Resolutions:This issue occurs because the W2K domain controller running
> Terminal Services does not have the Users, Authenticated Users, or
> Everyone global group added to the Group Policy Object for the "Log on
> Locally" user right. "Log on Locally" is a required user right in
> Microsoft Windows NT 4.0, Terminal Server Edition and Windows 2000
> Terminal Services. To modify the Group Policy Object for the domain
> controller, go to Administrative Tools>Domain Controller Security
> Policy>Security Settings>Local Policies>User Rights Assignment>Policy>Log
> on Locally>Add>Browse, click the appropriate group, and then click Add.
> After modifying the Group Policy, type secedit /refreshpolicy
> machine_policy /enforce at a command prompt, press ENTER, and then press
> ENTER.
>
> --
> For more and other information, go to http://www.ChicagoTech.net
>
> Don't send e-mail or reply to me except you need consulting services.
> Posting on MS newsgroup will benefit all readers and you may get more
> help.
>
> Robert Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
> http://www.ChicagoTech.net
> This posting is provided "AS IS" with no warranties.
>
> "RobertM" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> I.m having trouble to log on to terminal server in aplication mode wich
>> is instaled and activated on Windows server 2003 DC. I know that
>> instaling a TS on DC is not a good idea, but customer has requested to do
>> so.
>> I have added users to "Remote desktop users" group and assign a "Log on
>> localy" right on Domain controler security policy, Domain security policy
>> is not definied. I even add a user, not group to logon localy policy on
>> Domain controler swcurity policy. In every case I get a error that log on
>> policy does not permit me to log on interactively. Where do I do wrong
>>
>> Thank's in advance
>>
>>
>> Regards, Robert
>>
>
>