exhaust

Windows XP - Unable to login due to group policy when using a local computer account with user-only membership

Windows XP Pro with SP2 workstation is joined to the domain. But I just need to log in locally, so I select (This Computer) in the "Log on to" drop-down list.

- I created a local account rm_user with user-only membership. When I try logging in locally, I get "Interactive logon not allowed due to policy restriction"
- Any local account that is a member of Administrators is OK!
- Any domain account, even with domain user membership, is OK!

I tried Run -> gpedit.msc but it is restricted even when logged in as local administrator. So off I go to the Domain Controller -> DSA.msc thinking that policy must be trickling down from domain level.

I moved the workstation's computer account out of a custom OU that has a group policy enabled. The computer is now in the default Computers container. I checked the domain-level default policy and I do not see anything explicitly defined to disallow interactive logon in any fashion.

What is stopping me from logging in locally as a user with user-only membership?
ManicD

Try looking here in your AD Group Policy:

Group Policy, Computer Config > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Deny logon locally
SOLUTION
ChiefIT

This solution is only available to members.

ASKER

Actually here is the exact message.

"The local policy of this system does not permit you to logon interactively"

I guess the key here is to unlock gpedit.msc as I'm unable to run it. How though?

You know, I was thinking about this a bit more. Did you add the users you want to access this into the RD logon?

Right-click the My Computer icon >> go to Properties >> select the Remote tab >> select the manage users button.

Are the users you want to remote logon in that list?

What does it say when you try to run gpedit.msc from the Run command?
Try running it logged on as a LOCAL administrator and then a DOMAIN administrator. See if you can get into it in either of these.
ASKER CERTIFIED SOLUTION
This solution is only available to members.
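
Added example, not part of the thread or any participant's post: the user right named in the policy path above ("Deny logon locally") and its counterpart ("Log on locally") can be read without gpedit.msc by running `secedit /export /cfg rights.inf /areas USER_RIGHTS` as an administrator and parsing the file. The sample export, the domain SID and the function names below are constructed for illustration.

```python
# Added example: evaluate interactive-logon rights from a secedit export.
# A real export is UTF-16; read it with open(path, encoding="utf-16").

ALLOW = "SeInteractiveLogonRight"      # "Log on locally"
DENY = "SeDenyInteractiveLogonRight"   # "Deny logon locally"

# Constructed sample, not taken from the asker's machine.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-513
SeDenyInteractiveLogonRight = Guest
SeNetworkLogonRight = *S-1-1-0
"""

def parse_rights(inf_text):
    """Return {right: set of principals} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, value = line.partition("=")
            # SIDs are written as *S-1-...; account names appear as plain text.
            rights[name.strip()] = {
                p.strip().lstrip("*").lower() for p in value.split(",") if p.strip()
            }
    return rights

def interactive_logon(rights, principals):
    """principals: the account name plus the SIDs or names of its groups."""
    ids = {p.lower() for p in principals}
    if ids & rights.get(DENY, set()):       # an explicit deny overrides any allow
        return "denied: listed under Deny logon locally"
    if ids & rights.get(ALLOW, set()):
        return "allowed"
    return "denied: not granted Log on locally"

if __name__ == "__main__":
    r = parse_rights(SAMPLE_INF)
    # A local account whose only group is BUILTIN Users (S-1-5-32-545).
    print(interactive_logon(r, ["rm_user", "S-1-5-32-545"]))
    # A local account in BUILTIN Administrators (S-1-5-32-544).
    print(interactive_logon(r, ["Administrator", "S-1-5-32-544"]))
```

Checking both rights matters because an account can be refused either by appearing in the deny list or by simply not being covered by the allow list.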