Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

RWW Problem

12 views
Skip to first unread message

Norman

unread,
Jan 31, 2005, 4:37:07 PM1/31/05
to
I have almost pulled all my hair out over this. I have SBS 2003 premium and
the client computer in question is WinXPSP2 setup as a workgroup, I will call
it fleabag. The user of fleabag is jsmith and he is local admin of his
computer. I created the computer account on the SBS server using the add
computer wizard. As instructed I went over to fleabag and opened up a
browser and typed in http://servername/connectcomputer and added the user
jsmith. I also checked the box that asked if the user has used this computer
before, All his settings where migrated over to the new profile,
jsmith.domain John smith calls me from home and says he gets the error
message, "The local policy of this system does not permit you to logon
interactively". I googled this message in the groups section and tried all
the posts about it. I have checked jsmith groups which are local admin and
remote desktop users. I also checked his account on the SBS 2003 server and
he is a member of Remote Web WorkPlace Users and domain users.
I have a test machine called robot and when I add jsmith to the local remote
desktop users group he can log into robot with no problems. any suggestions
about whats going on with fleabag? and or jsmiths account
all names have been changed to protect the innocent
Thank you in advance
Norm

Bill Peng [MSFT]

unread,
Feb 1, 2005, 6:34:51 AM2/1/05
to
Hi Norman,

I understand the problem to be as follows:

1. You join a client computer to the domain via ConnectComputer.
2. The domain user is in the client computer's local remote desktop users
group.
3. The user connected to RWW, clicked "Connect to Client Desktops" and then
chose his office computer to connect , but he is not able to log on.

If I'm out of base, please feel free to let me know.

To narrow down the root cause of this issue, please let me know:

1. Whether the user is able to log on to the "Robot" computer from
RWW->Connect to Client Desktops.
2. Whether the user is able to log on to his office computer from another
computer on the LAN using the RDP client software mstsc.exe.

Based on your description, I assume that this is a client RDP issue. If the
answer of the 2nd question above is No, this should be a client issue.

A possible cause is that the Terminal Services Device Redirector is missing
from Device Manager. With Windows XP Service Pack 2 Terminal Services
Keyboard Redirector and Terminal Services Mouse Redirector will also likely
be missing.

To solve the problem, please run the following command and ask Windows XP
newsgroup for further help:

devcon -r install %windir%\inf\machine.inf root\rdpdr

If you're able to connect to your client in your corporate LAN, please let
me know and I will perform further research.

More Information:
886620 "The local policy does not permit you to logon interactively" error
http://support.microsoft.com/?id=886620

841188 "The local policy of this system does not permit you to logon
http://support.microsoft.com/?id=841188

289289 Remote desktop connection "The local policy of this system does not
http://support.microsoft.com/?id=289289

I hope the above info helps and I look forward to your update.

Have a nice day!

Bill Peng
MCSE 2000, MCDBA
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
>Thread-Topic: RWW Problem
>thread-index: AcUH3QMkzo9CUmTcSCSBsct/8lzUow==
>X-WBNR-Posting-Host: 4.20.162.6
>From: =?Utf-8?B?Tm9ybWFu?= <Nor...@discussions.microsoft.com>
>Subject: RWW Problem
>Date: Mon, 31 Jan 2005 13:37:07 -0800
>Lines: 20
>Message-ID: <A42DC9F4-F6D3-46DE...@microsoft.com>
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="Utf-8"
>Content-Transfer-Encoding: 7bit
>X-Newsreader: Microsoft CDO for Windows 2000
>Content-Class: urn:content-classes:message
>Importance: normal
>Priority: normal
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>Newsgroups: microsoft.public.windows.server.sbs
>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
>Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl
>Xref: cpmsftngxa10.phx.gbl microsoft.public.windows.server.sbs:142249
>X-Tomcat-NG: microsoft.public.windows.server.sbs

Jason

unread,
Feb 1, 2005, 1:35:02 PM2/1/05
to
I am trying to access the RWW, by using our static IP address
(i.e http://xxx.xxx.xxx.xxx)

But when i do i get this page:

You are not authorized to view this page
The Web server you are attempting to reach has a list of IP addresses that
are not allowed to access the Web site, and the IP address of your browsing
computer is on this list.

Is there any way of allowing access?
The connection is fine, because ihave no problem Remotely Connecting to the
Server.

Norman

unread,
Feb 1, 2005, 1:53:03 PM2/1/05
to
Hi Bill,
Thanks for responding to my post
here are the answers to your questions

> 1. Whether the user is able to log on to the "Robot" computer from
> RWW->Connect to Client Desktops
Yes the client can connect to any other computer on the lan that he is a
member of the local Remote Desktop users

> 2. Whether the user is able to log on to his office computer from another
> computer on the LAN using the RDP client software mstsc.exe.
No the user gets the same error message from any computer on the Lan he uses
to try and connect to his computer. Even I get the same error message and
I'm in the domain admins group.

> A possible cause is that the Terminal Services Device Redirector is missing
> from Device Manager. With Windows XP Service Pack 2 Terminal Services
> Keyboard Redirector and Terminal Services Mouse Redirector will also likely
> be missing.
> To solve the problem, please run the following command and ask Windows XP
> newsgroup for further help:
>
> devcon -r install %windir%\inf\machine.inf root\rdpdr

In device manager>>system devices>> terminal Server redirector is listed
when I ran the command devcon -r install %windir%\inf\machine.inf root\rdpdr
I got the acknowledgement messages of device drivers installing then the
computer rebooted.
I tried to rww and got the same message. "The local policy of this system
does not permit you to logon". Before I posted to the news group I already
looked at the knowledge based articles that you listed below. I will also
post this in the XP group and see what I get
Thanks for helping

Norm

Bill Peng [MSFT]

unread,
Feb 2, 2005, 3:14:06 AM2/2/05
to
Hi Norman,

Thank you for the update and I think this should be a Windows XP client
issue since it is able to be reproduce in LAN with RDP.

I appreciate your time here and re-post this question in the Windows XP NG.

We look forward to working with you here again.

Have a nice day!

Bill Peng
MCSE 2000, MCDBA
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
>Thread-Topic: RWW Problem
>thread-index: AcUIj0H5liOdl1UlSGqscNaZi6USJA==


>X-WBNR-Posting-Host: 4.20.162.6
>From: =?Utf-8?B?Tm9ybWFu?= <Nor...@discussions.microsoft.com>

>References: <A42DC9F4-F6D3-46DE...@microsoft.com>
<4WguTIFC...@cpmsftngxa10.phx.gbl>
>Subject: RE: RWW Problem
>Date: Tue, 1 Feb 2005 10:53:03 -0800
>Lines: 156
>Message-ID: <7FF0BDFB-3CFC-41A0...@microsoft.com>


>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="Utf-8"
>Content-Transfer-Encoding: 7bit
>X-Newsreader: Microsoft CDO for Windows 2000
>Content-Class: urn:content-classes:message
>Importance: normal
>Priority: normal
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>Newsgroups: microsoft.public.windows.server.sbs
>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
>Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl

>Xref: cpmsftngxa10.phx.gbl microsoft.public.windows.server.sbs:142533
>X-Tomcat-NG: microsoft.public.windows.server.sbs

Marina Roos [SBS-MVP]

unread,
Feb 2, 2005, 4:49:18 AM2/2/05
to
Hi Jason,

Someone must have set IP restrictions in IIS and your IP is not allowed to
access the site.

--
Regards,

Marina
Microsoft SBS-MVP
One of the Magical M&M's

"Jason" <Ja...@discussions.microsoft.com> schreef in bericht
news:B254B93E-3D1D-4021...@microsoft.com...

David Golik

unread,
Feb 2, 2005, 7:15:59 AM2/2/05
to
Hi guys im getting a similar problem Domain admins can log in fine on any
box using RWW however Domain Users and members of the remote working group
can not im getting the same local policy does not permit interactive logon.

Is this something I need to change in group policy if so which one ?

Regards

Dave


"Bill Peng [MSFT]" <v-b...@online.microsoft.com> wrote in message
news:4WguTIFC...@cpmsftngxa10.phx.gbl...

Marina Roos [SBS-MVP]

unread,
Feb 2, 2005, 8:52:57 AM2/2/05
to
Hi Jason,

Please leave the history in your reply.

In IIS somewhere. I don't know what you or someone else has been doing.
Check the Directory Security tab of the Companyweb.

--
Regards,

Marina
Microsoft SBS-MVP
One of the Magical M&M's

"Jason" <Ja...@discussions.microsoft.com> schreef in bericht

news:528EBE0E-DC54-42EF...@microsoft.com...
> How do i change this?


Bill Peng [MSFT]

unread,
Feb 3, 2005, 12:16:30 AM2/3/05
to
Hi Dave,

As I mentioned in the initial reply, if the problem is able to be
reproduced on your corporate LAN with RDP, this seems to be a Windows
client issue.

At this point, please post the question in Windows XP newsgroup.

If this is not the case, please describe the problem with more detail and
error info in a new thread. In doing so, we can better understand your
situation and more readers are able to share their experience with you.

Thanks & Regards,

Bill Peng
MCSE 2000, MCDBA

Microsoft Partner Support Professional

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
>From: "David Golik" <da...@nospam.paymentrequired.com>
>References: <A42DC9F4-F6D3-46DE...@microsoft.com>
<4WguTIFC...@cpmsftngxa10.phx.gbl>
>Subject: Re: RWW Problem
>Date: Wed, 2 Feb 2005 12:15:59 -0000
>Lines: 134
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
>X-RFC2646: Format=Flowed; Original
>Message-ID: <O5KWsESC...@tk2msftngp13.phx.gbl>
>Newsgroups: microsoft.public.windows.server.sbs
>NNTP-Posting-Host: border.golik.co.uk 82.152.152.50
>Path:
cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13
.phx.gbl
>Xref: cpmsftngxa10.phx.gbl microsoft.public.windows.server.sbs:142756
>X-Tomcat-NG: microsoft.public.windows.server.sbs

David Golik

unread,
Feb 3, 2005, 11:31:09 AM2/3/05
to
Hi guys thought id post back here just to help the others out

This fixed the "you do not have permission to logon interactivly"

The problem is with the workstations not the sbs server you need to edit the
list of who can connect remotly using remote access as follows

Right Click My Computer > Properties > Remote > Check the "Allow users to
connect remotly to this computer"

Then select remote users. In the dialogue for remote users enter either the
usernames of the users you want to allow access to or the security group (
you may have to browse to the AD to find the right unit and change the
search criteria option to include groups as well as users)

If this doesnt work you may also need to edit the local group policy on that
pc gpedit.msc > Computer Configuration > Windows Settings > Security
Settings > Local Policies > User Rights Assignment > Allow logon through
terminal services

Although this does the same as the adding people to the remote desktop users
as above.

Hope this helps

Regards

Dave


"Bill Peng [MSFT]" <v-b...@online.microsoft.com> wrote in message

news:AKsYM%23aCFH...@cpmsftngxa10.phx.gbl...

Bill Peng [MSFT]

unread,
Feb 4, 2005, 4:47:24 AM2/4/05
to
Hi David,

Thanks for sharing your experience here!

Sure, I agree with you that the Remote Desktop should be enabled in
computer properties even the users are members of the remote desktop users
group.

Have a great day!

Bill Peng
MCSE 2000, MCDBA
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------


>From: "David Golik" <da...@nospam.paymentrequired.com>
>References: <A42DC9F4-F6D3-46DE...@microsoft.com>
<4WguTIFC...@cpmsftngxa10.phx.gbl>

<O5KWsESC...@tk2msftngp13.phx.gbl>
<AKsYM#aCFHA...@cpmsftngxa10.phx.gbl>
>Subject: Re: RWW Problem - Solution
>Date: Thu, 3 Feb 2005 16:31:09 -0000
>Lines: 226


>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2900.2527

>X-RFC2646: Format=Flowed; Original


>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527

>Message-ID: <Oa6bb3g...@TK2MSFTNGP12.phx.gbl>


>Newsgroups: microsoft.public.windows.server.sbs
>NNTP-Posting-Host: border.golik.co.uk 82.152.152.50
>Path:

cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12
.phx.gbl
>Xref: cpmsftngxa10.phx.gbl microsoft.public.windows.server.sbs:143158
>X-Tomcat-NG: microsoft.public.windows.server.sbs

Hollis D. Paul

unread,
May 14, 2005, 1:44:50 PM5/14/05
to
In article <7FF0BDFB-3CFC-41A0...@microsoft.com>,
=?Utf-8?B?Tm9ybWFu?= wrote:
> I tried to rww and got the same message. "The local policy of this system
> does not permit you to logon". Before I posted to the news group I already
> looked at the knowledge based articles that you listed below. I will also
> post this in the XP group and see what I get
>
I had this problem suddenly appear. Once, when I had been working on the SBS
box looking through the policy rules, I decided that I should add my
workstation user name as a power-user. I figured then I could use my
workstation user name to do administration work on the SBS box, and not have
to login as the Administrator. Weeks or months pass. I move the 17-inch
monitor back to the workstation, leaving only a 14-monitor on the SBS box. So
I decide to RWW in to do administration from the workstation. Lo and Behold!
That message pops up. I hadn't noticed it before, because I probably had
never tried to RWW to the SBS box because it still had the 17" monitor. It
was a very insidious problem, because 1) I had forgotten about the poweruser
change, and 2) neither the workstation user account, not the poweruser group,
were listed as groups forbidden to login to the SBS box. But, the poweruser
group is a member of another group, which is forbidden to login to the SBS
box. These security policies are really evil, because they do exactly what
they are told to do, not what you want them to do. Moral of the story, track
down all the direct and indirect groups this user is a member of, and remove
him from the group that is forbidden to login to the SBS box.

HTH.

Hollis D. Paul [MVP - Outlook]
Hol...@outhousebythesound.com
Mukilteo, WA USA


0 new messages