When a Terminal Services client attempts to connect, they receive:
The local policy of this system does not permit you to logon interactively.
If Terminal Services is installed on a domain controller, you must grant Authenticated Users, Domain Users, or Everyone the right o Log on Locally.
NOTE: Member servers and stand-alone servers have the users group included in the Log on Locally user right.
To workaround this issue:
1. Administrative Tools / Domain Controller Security Policy.
2. Double-click Security Settings / Local Policies.
3. Press User Rights Assignment.
4. Double-click Log on Locally and press Add.
5. Browse to the appropriate group and press Add.
6. Press OK, OK, and OK.
7. Open a CMD prompt and type:
secedit /refreshpolicy machine_policy /enforce.
NOTE: See tip 7579 » You receive the 'The local policy of this system does not permit you to logon interactively'?