JSI Tip 7796. Why can users or groups that have been denied 'log on locally' still connect to Windows Server 2003 using Remote Desktop Connection?

In Windows 2000, connection from the console or through Terminal Services adhere to the the log on locally user right. If a user, or their group, has been denied log on locally, they cannot connect.

Windows Server 2003 has two different user rights:

Log on locally handles connections from the console.

Log on through Terminal Services handles connections through the Remote Desktop Connection client.

NOTE: To enable or disable Remote Desktop:

1. Open the Properties of My Computer and select the Remote tab.

2. Check or uncheck the Allow users to connect remotely to this computer box and press Apply.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.