The local policy of this system does not permit you to logon interactively

I recently upgraded our second server to be an additional Active Directory computer.  When I did this all of the user that were in the group Domain Users would get the error message "The local policy of this system does not permit you to logon interactively" when they tried to log into the server through Terminal Services.  I know that I could add them to the administrator group and they wouldn't get this message, but I don't want to have to do this.

I have gone into gpedit.msc and for the policy Log On Locally, I have added the group "Domain Users" however, the Effective Settings, has this policy disabled for Domain Users.  Where is this effective setting coming from?

Thanks

LVL 4
dovcampAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
dovcampAuthor Commented:
0
LucFEMEA Server EngineerCommented:
Glad to help you solve your problem.
0
Introducing the "443 Security Simplified" Podcast

This new podcast puts you inside the minds of leading white-hat hackers and security researchers. Hosts Marc Laliberte and Corey Nachreiner turn complex security concepts into easily understood and actionable insights on the latest cyber security headlines and trends.

JamesYongCommented:
I changed my Group Policy. Now I cannot even logon into my Domain using the correct user name and password.
I got the following message after I type in administrator as user name . And I use the correct password:

"Local Policy of this system does not permit you to logon interactively"

Is there any way to logon to the Domain and change the Group Policy?

Or do I you to re-install the windows 2000 server starting from scratch?
0
crareyCommented:
I have three servers that are load balanced. i just added the third server, and I receive the error "Local Policy of this system does not permit you to logon interactively". A domain user can login to the first two servers, but not on the third.

I tried the one the fix above, but a domain user is still unable to login to the third server.

Any ideas?
0
LostinParadiseCommented:
I too have the problem, but it is occurring in SBS 2003. I have tried the above solutioni and can get at the way to were it wants me to execute a secedit command.  The syntax they are asking for does not exist.  Any idea's  Can I get away with a simple reboot?
0
alan_8sgCommented:
User May Be Authenticated by Wrong Domain
View products that this article applies to.
Article ID : 227904
Last Review : February 26, 2007
Revision : 3.2
This article was previously published under Q227904
SYMPTOMS
When you log on to a Windows 2000 domain, you may receive either or both of the following error messages: " Logon Denied--The password is incorrect. Please retype your password. Letters in passwords must be typed using the correct case. Make sure that Caps Lock key is not accidentally on.
The Local policy of this system does not permit you to log on interactively.

Back to the top

CAUSE
This behavior can occur if two domain controllers are promoted using Dcpromo.exe with identical domain names, and both domain controllers are installed as the first domain controller for the specified domain.

You cannot reliably configure two separate domains with the same name. Because both domains register with DNS, there is no way to control which name is resolved to the client.
Back to the top

RESOLUTION
Two resolve this issue, use either of the following methods: " Remove one of the domains with the identical name.
" Using Dcpromo.exe, demote all the domain controllers in the second domain, then use Dcpromo.exe to promote these computers to be domain controllers in the original domain.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.