July 8, 2008 07:56pm pdt

1. KCTS 75,861
2. Phil_Agc... 63,250
3. toniur 56,884
4. oBdA 40,957
5. martin_b... 35,705
6. rpggamer... 35,234
7. johnb6767 28,442
8. tigermatt 27,877
9. CoccoBill 26,600
10. snoopfrogg 26,481
11. McKnife 24,893
12. richrumble 22,437
13. LauraEHu... 22,100
14. r-k 21,620
15. bbao 20,112

1. richrumble 644,979
2. r-k 423,480
3. Sheharya... 351,268
4. trywaredk 297,335
5. oBdA 291,082
6. war1 284,964
7. gidds99 266,792
8. Phil_Agc... 238,650
9. rpggamer... 232,153
10. sirbounty 191,193
11. toniur 161,866
12. KCTS 161,792
13. CoccoBill 160,666
14. PeteLong 156,654
15. sunray_2003 146,627

06.29.2004 at 12:27PM PDT, ID: 21042308

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

8.8

The local policy of this system does not permit you to logon interactively

Zone: Windows Network Security Questions

Tags: policy, local, interactively, logon, you

I cannot logon interactively even with domain administrator account. Can you tell me how can I reset or logon and remove the deny or bypass it. No I'm pretty much lock out from the server. URGENT Please.

Start your free trial to view this solution

Question Stats

Zone: Security

Question Asked By: nchondro

Solution Provided By: oBdA

Participating Experts: 3

Solution Grade: A

Translate:

Loading Advertisement...

Microsoft

Internet Protocols
Applications

Development
OS

Hardware
Windows Security

Apple

Operating Systems
Hardware

Programming
Networking

Software

Internet

Search Engines
File Sharing
WebTrends / Stats
Spy / Ad Blockers

Web Browsers
New Net Users
Web Development
Chat / IM

Anti Spam
Web Servers
Anti-Virus
Email Clients

Gamers

Tips
Online / MMORPG
Puzzle
Emulators

Action / Adventure
Role Playing
Consoles
Game Programming

Strategy
Sports
Misc
Computer Games

Digital Living

Hardware
New Net Users
New Users

Software
Digital Music
Gaming World

Home Security
Apple
Networking Hardware

Virus & Spyware

Vulnerabilities
IDS
Encryption
Anti-Virus

Operating Systems Security
Software Firewalls
WebApplications
Cell Phones

Operating Systems
Internet
Hardware Firewalls

Hardware

Handhelds / PDAs
Displays / Monitors
Components
Networking Hardware

Peripherals
Laptops/Notebooks
Storage
Servers

Desktops
New Users
Misc
Apple

Software

System Utilities
Industry Specific
Network Management
Photos / Graphics
Page Layout
VMWare
Misc
Web Development

OS
CYGWIN
Voice Recognition
Message Queue
Quality Assurance
Security
Firewalls
MultiMedia Applications

Development
Database
Office / Productivity
Business Management
OS/2 Apps
Server Software
Internet / Email

ITPro

OS
Storage
Encryption
Operating Systems Security
Apple Hardware
Laptops & Notebooks
Servers
Networking Hardware
Peripherals

Devices
Displays / Monitors
WebTrends / Stats
Search Engines
Firewalls
WebApplications
IDS
Vulnerabilities
Email Clients

File Sharing
Spy / Ad Blockers
Web Browsers
Web Servers
Networking
Anti-Virus
Chat / IM
Anti Spam

Developer

Web Servers
Web Browsers
Game Programming
Dev Tools
Industry Specific
Office / Productivity

Database
CYGWIN
Web Development
Search Engines
File Sharing
WebTrends / Stats

Programming
Content Management
Application Servers
Protocols

Storage

Removable Backup Media
Storage Technology
Servers

Grid
Remote Access
Backup / Restore

Misc
Hard Drives

Miscellaneous
Security
Development
Linux
VMWare

MainFrame OS
Unix
Apple
OS / 2
AS / 400

BeOS
Microsoft
VMS / OpenVMS

Database

Oracle
Miscellaneous
MySQL
Software
Sybase
Contact Management
PostgreSQL
Data Manipulation
Clarion
InterSystems Cache

Siebel
MUMPS
OLAP
SQLBase
SAS
GIS & GPS
4GL
Berkeley DB
DB2
Informix

Interbase / Firebird
FoxPro
Reporting
LDAP
Filemaker Pro
MS SQL Server
dBase
MS Access

Security

Misc
Web Browsers
Software Firewalls
Operating Systems Security
File Sharing

Spy / Ad Blockers
Vulnerabilities
WebApplications
IDS
Anti-Virus

Encryption
Anti Spam
Email Clients
VPN
Chat / IM

Programming

Editors IDEs
Installation
Handhelds / PDAs
Multimedia Programming
System / Kernel

Algorithms
Game
Signal Processing
Project Management
Open Source

Database
Misc
Languages
Processor Platforms
Theory

Web Development

Scripting
Blogs
Web Servers
Software
Search Engines
Web Graphics
Images

Internet Marketing
Images and Photos
Components
Document Imaging
Web Languages/Standards
Illustration
WebApplications

Fonts
WebTrends / Stats
Authoring
Digital Camera Software
Miscellaneous

Networking

Protocols
Apple Networking
Network Management
Message Queue
Application Servers
Content Management
File Servers
Email Servers
Misc
Java Editors & IDEs

Wireless
Networking Hardware
Backup / Restore
System Utilities
ISPs & Hosting
Web Servers
Storage Technology
Removable Backup Media
Servers
Broadband

Grid
OS / 2
Novell Netware
Unix Networking
Windows Networking
Security
Telecommunications
Operating Systems
Linux Networking

Other

Community Advisor
Lounge
Community Support
New Net Users

Philosophy / Religion
Math / Science
Miscellaneous
URLs

Expert Lounge
Politics
Puzzles / Riddles

Community Support

Suggestions
New to EE
New Topics
Community Advisor

CleanUp
Announcements
General

Feedback
Input
EE Bugs

06.29.2004 at 02:05PM PDT, ID: 11430399

Rank: Guru

oBdA:

Log on to another machine with administrative credentials. Then use ntrights.exe from the Resource Kit (needs XP or W2k3 to be installed on, but the exe can then be copied and used on any machine) to grant yourself access again.
The two permissions you need are those (which one of those depends on which setting you changed originally):
"SeInteractiveLogonRight" (case sensitive!) if you only messed up the regular "Allow interactive logon" permission, or
"SeDenyInteractiveLogonRight" if you played around with the "Deny local logon" setting.
As for the former, "ntrights -m \\YourServer -u <group or user> +r SeInteractiveLogonRight" shpuld do the trick.
As for the latter, note that you need to *remove* (-r) the right to have the local logon denied: "ntrights -m \\YourServer -u <group or user> -r SeDenyInteractiveLogonRight"

Windows Server 2003 Resource Kit Tools
http://www.microsoft.com/downloads/details.aspx?familyid=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en

Error Message: The Local Policy of This System Does Not Permit You to Log on Interactively
http://support.microsoft.com/?kbid=276590

How to Set Logon User Rights with the Ntrights.exe Utility
http://support.microsoft.com/?kbid=279664

Accepted Solution

06.29.2004 at 02:56PM PDT, ID: 11430782

nchondro:

But the server has no other computer connected to the server, what can I do then?

06.30.2004 at 01:48AM PDT, ID: 11433585

Rank: Guru

oBdA:

If there is absolutely no account (not even a user account) with which you are able to logon, the easiest option (and the one with the fewest risks involved) is to attach another machine (with the proper network settings) to your server and use ntrights to set things straight.
Failing that, you can try to get access to the drive using the Recovery Console and try your luck from there. Here are some possibilities that might work: http://securityadmin.info/faq.asp#logonfailure; I'd still recommend doing it from another machine.

06.30.2004 at 07:57AM PDT, ID: 11436537

nchondro:

We tried doing ntrights from other machine and it says granted successfully but then when we try login, still doesn't work. Dunno what is going on.

06.30.2004 at 09:41AM PDT, ID: 11437850

Rank: Guru

oBdA:

What exactly you have to do depends on what you did to lock yourself out.
There are two different possibilities here:
You changed the "Allow local logon settings", and removed some groups that need to have access.
In that case, assuming that your logon name is Administrator, this will give you the permission, so that you can get access again:
ntrights -m \\YourServer -u Administrator +r SeInteractiveLogonRight
The second setting is the "Deny local logon". If you defined users or groups here, then this setting will override any local logon permissions.
If you added, for example, the group "Domain Users" to the "Deny local logon" (which will lock out everyone, since the Administrator is a member of the Domain Users group as well), the following command will reset that again (note the "-r" when working with the Deny as opposed to the "+r" in the Allow):
ntrights -m \\YourServer -u "Domain Users" -r SeDenyInteractiveLogonRight
As said before, the group/user names to use depend on what you were defining before you found yourself locked out.

06.30.2004 at 09:47AM PDT, ID: 11437914

nchondro:

we tried both grant the user administrator SeInteractiveLogonRight and revoke the user administrator SeDenyInteractiveLogonRight. Both said successful but I can't login to the server which still give me the same error.

Thanks.

06.30.2004 at 11:07AM PDT, ID: 11438770

Rank: Guru

oBdA:

You probably denied some group the administrator is member of the local logon; you need to revoke the Deny for this exact group (or groups).

09.28.2005 at 05:38AM PDT, ID: 14974211

ghanrahan:

Hi -- I have the exact same problem. Only one account (Administrator) and no longer able to login to Windows Server 2003. I have used the ERD Commander tool to connect to the server and run the NTRights.exe successfully. It still will not work. I think I locked out the Administrator account when I set up a mail account for it. Does anyone know how I can undo that? I am getting the same error as this person states (Not allowed to login interactively). When I used NTrights to set all the permissions it said it was successful, but I still can't login.

Does anyone know how I can reverse creating the mail account for Administrator? (I set the account up with the SMTP services).

Thanks much.

jscott1979

02.14.2008 at 01:38PM PST, ID: 20897376

This link worked for me -

http://www.itvidya.com/the_local_policy_of_this_system_does_not_permit_you_to_logon_interactively
also http://www.windowsnetworking.com/articles_tutorials/Windows_2003_Terminal_Services_Part2.html

You have to use the computer management from another computer to edit the local user on the computer you are locked out of.

Hope this helps.....

20080236-EE-VQP-29