
logging on interactively V logging on locally

Discussion in 'Windows Server 2003 / 2008 / 2012 / 2016' started by mjtibbs, Feb 27, 2007.

  1. mjtibbs

    mjtibbs Bit Poster

    Hi guys,

    after weeks of thinking an "interactive" log-on was being logged into the domain (over the network) I just learned that it actually means being logged into a computer in front of it (at the console).

    so then what does the "log on locally" user right mean then?

    I thought log on locally meant logging on via the console.

    if interactive logon means via the console what does logging on locally actually mean?

    thanks in advance :rolleyes:
    Certifications: MCSA, OSCP, MCTS Config SharePoint 2007
  2. Mr.Cheeks

    Mr.Cheeks 1st ever Gold Member! Gold Member

    kinda awkward for me to explain, but;

    if you log on via a domain then, the dc will hold all of your settings, profiles, security policies etc and will apply them to your workstation that you are logging into. [normally under Domain (login screen), you will have your domain name]

    if you log on locally, then you will only have the default settings that are applied on that computer. [normally under Domain (login screen), you will have your pc name]

    i think....
  3. Sparky

    Sparky Zettabyte Poster Moderator

    A common issue is that only domain admins can log onto a domain controller (by default). If you try logging on through terminal services as a domain user then you would have to grant that user the ‘log on locally’ permission in the default domain controller policy.

    If you deny a user\group the 'log on locally' permission they cannot log onto that machine.

    In regard to interactive logon many elements of group policy can be defined such as password policies and auditing.
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Office 365, Server 2016, CEH
  4. mjtibbs

    mjtibbs Bit Poster

    hmm I'm still confused with this.

    I came across an exercise question in my book which said a user was allowed to log on to the console (which is an interactive logon yea?).

    but when she tries to log on to the comp via Terminal Services, she receives "the local policy of this system does not allow you to log on interactively".

    to rectify this, her account needs to be added to the remote desktop users group. (according to the book)

    but then if logging on interactively means logging on at the console, which she is allowed to do, then why does it give the "interactively" error when trying via terminal services.

    why couldn't MS make this straightforward and have it so logging on locally means at the console, and logging on interactively means either logging into the domain or via TS.

    :boxing :boxing :boxing :boxing
    Certifications: MCSA, OSCP, MCTS Config SharePoint 2007
  5. supag33k

    supag33k Kilobyte Poster


    Yes because if the computer is a DC [and it sounds like it is from the scenario] then that user has to satisfy BOTH conditions to be allowed to connect via TS.

    Remember that the Microsoft way [and a good business way] of assigning permissions is via groups, that is one of their main functions.



    Also a policy can override other permissions, and is a standard way of enforcing the use of groups to control access specified via the policies.

    If you are studying 2003 exams, also at some stage look into RSoP, or resultant set of policies for "extra light reading"


    Certifications: MCSE (NT4/2000/2003/Messaging), MCDBA
    WIP: CCNA, MCTS SQL, Exchange & Security stuff
  6. mjtibbs

    mjtibbs Bit Poster

    ok thanks for that ;)
    Certifications: MCSA, OSCP, MCTS Config SharePoint 2007
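
Added example, not part of the original thread: a PowerShell check of which accounts hold the logon rights discussed in posts 3 to 5 on a given server, using the standard `secedit` export and the built-in privilege constant names. The temporary file name is an assumption, and the script assumes an elevated PowerShell 3.0 or later session on the machine being checked.

```powershell
# Added example: list the accounts holding the logon rights discussed above.
# Display names are the Server 2003/2008 ones; later versions say
# "Remote Desktop Services" instead of "Terminal Services".
$rights = [ordered]@{
    SeInteractiveLogonRight           = 'Allow log on locally'
    SeDenyInteractiveLogonRight       = 'Deny log on locally'
    SeRemoteInteractiveLogonRight     = 'Allow log on through Terminal Services'
    SeDenyRemoteInteractiveLogonRight = 'Deny log on through Terminal Services'
}

function Resolve-Entry([string]$Entry) {
    # secedit writes SIDs as *S-1-...; anything else is already a name
    if (-not $Entry.StartsWith('*S-')) { return $Entry }
    $sid = New-Object System.Security.Principal.SecurityIdentifier($Entry.Substring(1))
    try   { $sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $sid.Value }   # orphaned SID: show it raw
}

# Export only the user rights assignment to a temporary INF file
$inf = Join-Path $env:TEMP 'user-rights.inf'   # assumed file name
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
if ($LASTEXITCODE -ne 0) { throw "secedit export failed ($LASTEXITCODE)" }

# Lines look like: SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-551
$assigned = @{}
foreach ($line in Get-Content $inf) {
    if ($line -match '^(Se\w+)\s*=\s*(.*)$') {
        $assigned[$Matches[1]] = $Matches[2].Split(',') |
            ForEach-Object { $_.Trim() } | Where-Object { $_ }
    }
}
Remove-Item $inf

foreach ($name in $rights.Keys) {
    $holders = @($assigned[$name] | Where-Object { $_ } |
        ForEach-Object { Resolve-Entry $_ })
    if ($holders.Count -eq 0) { $holders = @('(nobody assigned)') }
    '{0} [{1}]' -f $rights[$name], $name
    $holders | ForEach-Object { "    $_" }
}

# S-1-5-32-555 is the well-known SID of BUILTIN\Remote Desktop Users
if (@($assigned['SeRemoteInteractiveLogonRight']) -notcontains '*S-1-5-32-555') {
    'Note: Remote Desktop Users does not hold the Terminal Services logon right here.'
}
```

A user who appears under "Allow log on locally" but not, directly or through a group, under the Terminal Services right matches the book scenario from post 4: console logon works and the remote logon is refused.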
