SYMPTOMS
When you try to establish a terminal server session to a Windows 2000 Terminal Server, you may receive the following error message:
Your interactive logon privilege has been disabled. Please contact your system administrator.
NOTE: This problem may occur more frequently when the Windows 2000 Terminal Server is a member of a Microsoft Windows NT 4.0-based domain.
This problem may occur from a client computer that is running Windows NT 4.0, Microsoft Windows 98/95, or Windows 2000. Some domain users in the same domain may be able to successfully establish a Terminal Server session with the Terminal Server, while other users may receive the preceding error message when they try to connect to the same server. Also, events that relate to this problem may not be recorded in the event logs of the server or the client computer.
RESOLUTION
To resolve this problem, use the appropriate method:
Windows 2000 Terminal Server Is Installed in a Windows NT 4.0 Domain
If the Windows 2000 Terminal Server is in a Windows NT 4.0 domain and the problem appears to affect only some users, the affected users need to have the "Allow Logon to Terminal Server" permission enabled. To enable this permission, click the Configuration button in the appropriate user's properties, and then click to select the Allow Logon to Terminal Server check box.
NOTE: You can view the Configuration button through User Manager on the Windows 2000 Terminal Server or by copying the appropriate files to a Windows NT 4.0 Server.
Start User Manager on the Windows 2000 Terminal Server. To do so, click Start, click Run, type usrmgr.exe in the Open box, and then press ENTER. Click the TS Config button from the user's properties.
NOTE: To view this button and check box on a Windows NT 4.0 Server, you may need to copy the following files from a Windows NT 4.0, Terminal Server Edition server (located in the WTSRV\System32 folder), or from the Windows NT 4.0, Terminal Server Edition CD-ROM, into the Winnt\System32 folder. Note that you can rename the existing file before you copy these new files.
- Usermgr.exe
- Utildll.dll
- Winsta.dll
- Regapi.dll
IMPORTANT: If you take these files from the Windows NT 4.0, Terminal Server Edition CD-ROM, you must first expand these files because they appear with an underscore character (_) in place of the last letter in the file extension. As an example of how to do so, type expand utildll.dl_ utildll.dll at a command prompt for the file Utildll.dl_, and then press ENTER.
These files run Terminal Server User Manager for Domains on that domain controller (DC), and you can then click the Configuration button to view the Allow logon to terminal server check box. Note that these features are only available on the primary domain controller (PDC) or backup domain controller (BDC) where these files were copied to, and not on any other DCs.
Windows 2000 Terminal Server Is Installed in a Windows 2000 Domain
For a Windows 2000 Terminal Server that is located in a Windows 2000 domain, a Terminal Services Profile tab is already available in the user's properties in Active Directory Users and Computers. To view this, click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers. To view the properties of a user, either double-click the user, or right-click the user and then click Properties.
If all users or entire groups of users are affected, the problem may be located in other areas that relate to those specific users' rights. Other areas to check include:
- Verify that the RDP-Tcp connection object has granted the necessary users and/or groups "User Access" to the Terminal Server. To do so, start Terminal Services Configuration manager by clicking Start, pointing to Programs, pointing to Administrative Tools, clicking TS Configuration, and then clicking Connections. In the right-side pane, right-click the RDP-Tcp connection and then click Properties. Click the Permissions tab, and then verify that the affected users/groups have been granted at least "User Access".
- Verify that the local policy of the computer grants these users and/or groups both the "Access this computer from the network" and "Logon locally" rights. To do so, view the Local Security Policy by clicking Start, pointing to Programs, pointing to Administrative Tools, and then clicking Local Security Policy. Double-click the Local Policy branch to expand it, and then click User rights assignment. Double-click Access this computer from the network and Logon locally to verify that the affected users and/or groups have been granted the appropriate permission.
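The user-rights check in the last item can also be run against an exported copy of the policy. The following Python code is an added example, not part of the original article. It assumes the rights were exported with secedit /export /areas USER_RIGHTS, that the two rights appear under the internal names SeNetworkLogonRight and SeInteractiveLogonRight, and it runs on a constructed sample in which "TSUsers" is a hypothetical group.

```python
# Added example (not from the article): check the two user rights in a secedit export.
# Assumption: exported with  secedit /export /cfg rights.inf /areas USER_RIGHTS

# secedit's internal names for the two rights, mapped to the article's labels.
REQUIRED_RIGHTS = {
    "SeNetworkLogonRight": "Access this computer from the network",
    "SeInteractiveLogonRight": "Logon locally",
}

# Constructed sample export; "TSUsers" is a hypothetical local group.
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
SeInteractiveLogonRight = *S-1-5-32-544,TSUsers
[Version]
signature="$CHICAGO$"
Revision=1
"""


def _norm(principal):
    # secedit prefixes SIDs with '*'; account names compare case-insensitively.
    return principal.strip().lstrip("*").lower()


def parse_rights(inf_text):
    """Return {right name: set of principals} from the [Privilege Rights] section."""
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Privilege Rights" and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip()] = {_norm(p) for p in value.split(",") if p.strip()}
    return rights


def missing_rights(inf_text, principals):
    """Labels of the required rights held by none of the user's SIDs or groups."""
    rights = parse_rights(inf_text)
    wanted = {_norm(p) for p in principals}
    return [label for name, label in REQUIRED_RIGHTS.items()
            if not rights.get(name, set()) & wanted]


if __name__ == "__main__":
    # A user whose only matching principal is Everyone (S-1-1-0).
    print(missing_rights(SAMPLE_EXPORT, ["S-1-1-0"]))
```

Pass the affected user's own SID or account name together with those of every group the user belongs to, because a right granted to any one of them is enough.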