Microsoft KB Archive/837954

= Difference in the user right &quot;Deny log on locally&quot; between Windows 2000 and Windows 2003 =

Article ID: 837954

Article Last Modified on 3/1/2004

-

APPLIES TO


 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)

-



SYMPTOMS
In Windows 2003, users or members of a group that have been denied &quot;log on locally&quot; can still connect to the computer using Remote Desktop Connection.



CAUSE
In Windows 2000, connections from the console or through Terminal Services were handled the same way : through the &quot;Log on locally&quot; user right.

In Windows 2003, these two types of connections now depend on two user rights :


 * Log on locally : which handles the connection from the console.
 * Log on through Terminal Services : which handles the connections through the Remote Desktop Connection client.



MORE INFORMATION
This change has been made because the Remote Desktop is natively part of Windows 2003. Even without the Terminal Services service set up you can still access the computer remotely.

To enable/disable Remote Desktop, open the properties of &quot;My computer&quot;, show the &quot;Remote&quot; tab and check/uncheck the &quot;Allow users to connect remotely to this computer&quot; checkbox.

Keywords: kbinfo kbgpo kbtermserv KB837954

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.