Windows 7 & Windows Virtual PC
in [Virtual PC]
|
Prev: Virtual PC and IRQL_NOT_LESS_OR_EQUAL BSOD
Next: SetCursorPos() fails under Windows XP mode running under Virtual P
From: wonderwhy on 1 Apr 2010 14:25 I sometimes used VPC to check user account security and e-mail accounts. This has always been fine under VPC. With Windows Virtual PC and with it's use of RDP, when I try to login in a NON-administrator account I get the following message: "the local policy of this system does not permit you to login interactively" In secpol.msc under "User Rights Assignment - Allow login through Terminal services" I have added everyone. Now at login with a NON-administrator I get this message" "You do not have access to logon to this session" In secpol.msc under User Rights Assignment - Deny Login through Terminal services I have removed our domain name, the list is empty. At login with a NON-administrator I still get this message" "You do not have access to logon to this session" The only users that can currently login to this VPC are administrators or individual users if I was to add them in the RDP settings. Microsofts answer is to add each individual user to RDP. I have over 2000 NON-administrator users (students). Adding each user name in the RDP settings is not feasible and it does not accept any Group names. There has to be a solution to get around this restriction.
From: Ronald Phillips on 2 Apr 2010 07:26 On Apr 1, 2:25 pm, wonderwhy <won...(a)why.com> wrote: > I sometimes used VPC to check user account security and e-mail accounts. > This has always been fine under VPC. With Windows Virtual PC and with > it's use of RDP, when I try to login in a NON-administrator account I > get the following message: "the local policy of this system does not > permit you to login interactively" > > In secpol.msc under "User Rights Assignment - Allow login through > Terminal services" I have added everyone. Now at login with a > NON-administrator I get this message" "You do not have access to logon > to this session" > > In secpol.msc under User Rights Assignment - Deny Login through Terminal > services I have removed our domain name, the list is empty. At login > with a NON-administrator I still get this message" "You do not have > access to logon to this session" > > The only users that can currently login to this VPC are administrators > or individual users if I was to add them in the RDP settings. Microsofts > answer is to add each individual user to RDP. > > I have over 2000 NON-administrator users (students). Adding each user > name in the RDP settings is not feasible and it does not accept any > Group names. > > There has to be a solution to get around this restriction. There should be a "Remote Desktop Users" group in User Manager where you can add the group.
From: wonderwhy on 6 Apr 2010 11:58
On 4/2/2010 7:26 AM, Ronald Phillips wrote: > On Apr 1, 2:25 pm, wonderwhy<won...(a)why.com> wrote: >> I sometimes used VPC to check user account security and e-mail accounts. >> This has always been fine under VPC. With Windows Virtual PC and with >> it's use of RDP, when I try to login in a NON-administrator account I >> get the following message: "the local policy of this system does not >> permit you to login interactively" >> >> In secpol.msc under "User Rights Assignment - Allow login through >> Terminal services" I have added everyone. Now at login with a >> NON-administrator I get this message" "You do not have access to logon >> to this session" >> >> In secpol.msc under User Rights Assignment - Deny Login through Terminal >> services I have removed our domain name, the list is empty. At login >> with a NON-administrator I still get this message" "You do not have >> access to logon to this session" >> >> The only users that can currently login to this VPC are administrators >> or individual users if I was to add them in the RDP settings. Microsofts >> answer is to add each individual user to RDP. >> >> I have over 2000 NON-administrator users (students). Adding each user >> name in the RDP settings is not feasible and it does not accept any >> Group names. >> >> There has to be a solution to get around this restriction. > > There should be a "Remote Desktop Users" group in User Manager where > you can add the group. I'm assuming you mean in AD Users & Computers. Once again, giving over 2000 students that kind of access is not acceptable. |