I sometimes used VPC to check user account security and e-mail accounts.
This has always been fine under VPC. With Windows Virtual PC and with
it's use of RDP, when I try to login in a NON-administrator account I
get the following message: "the local policy of this system does not
permit you to login interactively"

In secpol.msc under "User Rights Assignment - Allow login through
Terminal services" I have added everyone. Now at login with a
NON-administrator I get this message" "You do not have access to logon
to this session"

In secpol.msc under User Rights Assignment - Deny Login through Terminal
services I have removed our domain name, the list is empty. At login
with a NON-administrator I still get this message" "You do not have
access to logon to this session"



The only users that can currently login to this VPC are administrators
or individual users if I was to add them in the RDP settings. Microsofts
answer is to add each individual user to RDP.

I have over 2000 NON-administrator users (students). Adding each user
name in the RDP settings is not feasible and it does not accept any
Group names.

There has to be a solution to get around this restriction.

On Apr 1, 2:25*pm, wonderwhy <won...@newsgroup> wrote:

> I sometimes used VPC to check user account security and e-mail accounts.
> This has always been fine under VPC. With Windows Virtual PC and with
> it's use of RDP, when I try to login in a NON-administrator account I
> get the following message: "the local policy of this system does not
> permit you to login interactively"
>
> In secpol.msc under "User Rights Assignment - Allow login through
> Terminal services" I have added everyone. Now at login with a
> NON-administrator I get this message" "You do not have access to logon
> to this session"
>
> In secpol.msc under User Rights Assignment - Deny Login through Terminal
> services I have removed our domain name, the list is empty. At login
> with a NON-administrator I still get this message" "You do not have
> access to logon to this session"
>
> The only users that can currently login to this VPC are administrators
> or individual users if I was to add them in the RDP settings. Microsofts
> answer is to add each individual user to RDP.
>
> I have over 2000 NON-administrator users (students). Adding each user
> name in the RDP settings is not feasible and it does not accept any
> Group names.
>
> There has to be a solution to get around this restriction.

There should be a "Remote Desktop Users" group in User Manager where
you can add the group.

On 4/2/2010 7:26 AM, Ronald Phillips wrote:

> On Apr 1, 2:25 pm, wonderwhy<won...@newsgroup> wrote:

>> I sometimes used VPC to check user account security and e-mail accounts.
>> This has always been fine under VPC. With Windows Virtual PC and with
>> it's use of RDP, when I try to login in a NON-administrator account I
>> get the following message: "the local policy of this system does not
>> permit you to login interactively"
>>
>> In secpol.msc under "User Rights Assignment - Allow login through
>> Terminal services" I have added everyone. Now at login with a
>> NON-administrator I get this message" "You do not have access to logon
>> to this session"
>>
>> In secpol.msc under User Rights Assignment - Deny Login through Terminal
>> services I have removed our domain name, the list is empty. At login
>> with a NON-administrator I still get this message" "You do not have
>> access to logon to this session"
>>
>> The only users that can currently login to this VPC are administrators
>> or individual users if I was to add them in the RDP settings. Microsofts
>> answer is to add each individual user to RDP.
>>
>> I have over 2000 NON-administrator users (students). Adding each user
>> name in the RDP settings is not feasible and it does not accept any
>> Group names.
>>
>> There has to be a solution to get around this restriction.

>
> There should be a "Remote Desktop Users" group in User Manager where
> you can add the group.

I'm assuming you mean in AD Users & Computers. Once again, giving over
2000 students that kind of access is not acceptable.