I have read every topic there is about this. I understand completely Windows security and how the Group Policy works. I just can't seem to make domain users about to interactively logon to domain computers. Actually, up until yesterday it was not a problem. We have a problem with the server (Windows Server 2003 Enterprise Edition) and had to repair from the source disc. After that I can't get domain users logged in unless I also make them members of the Domain Admins group on the server. I have verify that there are no "Deny local logins" and that it has not persisted to the domain computers. They SHOULD be able to log in...but can't. I am so frustrated. What can I do???