JSI Tip 6393. When you attempt to log on to a Windows 2003 terminal server, you receive 'Your interactive logon privilege has been disabled'?

You will receive the subject message if you add the Guest account to the built-in Remote Desktop Users security group and then try to log on as Guest.

Since the Guest account had been denied Read access to its' account in Active Directory, you receive this error message.

NOTE: Any user account that has been denied Read permissions to its' account in Active Directory,or in the local SAM, will generate this message.

To workaround this feature:

1. On the terminal server, use the Registry Editor to navigate to:

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal Server.

2. On the Edit menu, press New and DWORD Value.

3. Set the Value Name to IgnoreRegUserConfigErrors.

4. Right-click the new IgnoreRegUserConfigErrors Value Name and press Modify.

5. Set the data value to 1.

6. Press OK.

7. Exit the Registry Editor.

NOTE: When the IgnoreRegUserConfigErrors Value Name is set to 1, Winlogon ignores errors reading the Terminal Services Configuration data and reads the DefaultUserConfig data instead.