Issue
Users who do not have the "Log On Locally" right cannot remotely connect to a computer that is protected with the Windows Logon Agent via RDP, even if they have the correct permissions for a network logon.
Cause
The Windows Logon Agent and Windows Credential Provider handles remote connections to a domain controller as a local logon process. Whether a session is local or remote, it will require local connection privileges.
Resolution
- Assign the user the "Log On Locally" right using Group Policy, or add them to a group that has that right. Instructions on doing this are available here: (Server 2003) http://technet.microsoft.com/en-us/library/cc756809(WS.10).aspx (Server 2008) http://technet.microsoft.com/en-us/library/ee957044(v=ws.10).aspx.
- Run "gpupdate /force".
- Reboot the Domain Controller.
Affects
Windows Logon Agent and Windows Credential Provider
Questions?
If you have any questions or need some help, we would be happy to assist. Open a case at help.scorpionsoft.com or send an email to support@scorpionsoft.com.