Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. Difference in the user right "Deny log on locally" between Windows 2000 and Windows 2003

Difference in the user right "Deny log on locally" between Windows 2000 and Windows 2003

View products that this article applies to.

Symptoms

In Windows 2003, users or members of a group that have been denied "log on locally" can still connect to the computer using Remote Desktop Connection.

↑ Back to the top

Cause

In Windows 2000, connections from the console or through Terminal Services were handled the same way : through the "Log on locally" user right.

In Windows 2003, these two types of connections now depend on two user rights :
  • Log on locally : which handles the connection from the console.
  • Log on through Terminal Services : which handles the connections through the Remote Desktop Connection client.

↑ Back to the top

More information

This change has been made because the Remote Desktop is natively part of Windows 2003. Even without the Terminal Services service set up you can still access the computer remotely.
To enable/disable Remote Desktop, open the properties of "My computer", show the "Remote" tab and check/uncheck the "Allow users to connect remotely to this computer" checkbox.

↑ Back to the top

Keywords: KB837954, kbinfo, kbgpo, kbtermserv

↑ Back to the top

Article Info
Article ID : 837954
Revision : 2
Created on : 3/1/2004
Published on : 3/1/2004
Exists online : False
Views : 158