Solved

Logging On

Posted on 2004-04-24
11
639 Views
Last Modified: 2010-04-11
When I log off as administrator on my Dell Poweredge server running W2K and try to log on as a user, I get the message
"The local policy of this system does not permit you to logon interactively"

How do I get round this so that I can set up profiles?

Peter
0
Comment
Question by:Peter_Fabri
  • 4
  • 3
  • 3
  • +1
11 Comments
 
LVL 2

Assisted Solution

by:jonpaulr
jonpaulr earned 200 total points
ID: 10906626
Your answer will vary depending on your server configuration, here are some steps:

#1 Make sure you haven't authorized one user to logon interactively to the server and added his name to the domain security policy for interactive logon. This will disable access for all other users including except for the listed user.

#2 If you're running active directory, try this:

When you attempt to log on to a domain or to the local computer, you receive:

The local policy of this system does not permit you to logon interactively.

This problem is the result of setting the Deny logon locally policy on your computer.

To properly setup this policy, create an organizational unit  (OU) for computers that you want to exclude from the Deny logon locally policy, and then grant the Log on locally policy to individuals or groups in the OU:

01. Open the Active Directory Users and Computers snap-in.

02. Right-click the domain name, press to New and Organizational Unit.

03. Name the OU and press OK.

04. Select the container that contains the computers you wish to move to the new OU.

05. Right-click the computers that you wish to move and press Move.

06. Select the new OU and press OK.

07. Right-click the new OU and press Properties.

08. Select the Group Policy tab.

09. Press New, type the GPO (Group Policy Object) name, and press Edit.

10. Navigate through Computer Configuration / Windows Settings / Security Settings / Local Policies / User Rights Assignment.

11. In the right-hand pane of the GPO dialog, right-click Log on locally and press Security.

12. Check the Define these policy settings box.

13. Press Add and Browse.

14. Select the users and/or groups that should be granted the Log on locally policy and press Add, OK, and OK. You can hold down the CTRL key to select multiple objects.

15. Press OK to close the Security Policy dialog.

#3 If that fails, follow these Microsoft steps: http://www.microsoft.com/resources/documentation/IIS/6/all/proddocs/en-us/Default.asp?url=/resources/documentation/IIS/6/all/proddocs/en-us/localsec_troubleshoot.asp

0
 

Author Comment

by:Peter_Fabri
ID: 10906794
Is moving a computer from the domain controller container ok to do (steps 04 and 05)? I don't have computers in any other container.

Peter
0
 
LVL 2

Expert Comment

by:jonpaulr
ID: 10906818
My guess is that this would be used if you wanted to give rights to some and not others. I believe you can use the same OU you currently have.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 10907735
Users by default arent granted the right to log on to a server....only domain admins.
0
 
LVL 31

Accepted Solution

by:
Gareth Gudger earned 300 total points
ID: 10907741
To change this go to Start ==> Run ==> type gpedit.msc and click ok

Expand...

+ Computer Config
  + Windows Settings
    + Security Settings
      + Local Policies
        + User Rights Assignment

Double click "Log on Locally" and add the "Domain Users" group. Also check what groups are in the "Deny log on locally"

0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 10907742
Personally I wouldnt recommend letting users log on to the server themselves without good reason.
0
 

Author Comment

by:Peter_Fabri
ID: 10911283
I have done what diggisaur has suggested, adding a select number of users, but I still get the message "The local policy of this system does not permit you to logon interactively". In a actual fact the group "users" was already there, which contain the users I want to log on to my server. Still no joy. Perhaps I need to go deeper or elsewhere in the security setting, but where?

Peter
0
 
LVL 1

Expert Comment

by:mgrass
ID: 10912472
The directiions that diggisaur gave you should work...

1.  Go to 'Domain Controller Security Policy'
2.  Expand Security and Local Policies
3.  Select User Rights Assignments
4.  Find Log on Locally
5.  Right-click, select Security
6.  Add wanted users here.

If you tested it immediately after you added users you might have to wait 5 min for it to take effect.  You can bypass that by doing a

   secedit /refreshpolicy user_policy /enforce

from a command prompt.  
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 10912702
LOL...he already tried that.
0
 
LVL 2

Expert Comment

by:jonpaulr
ID: 10914179
There is obviously a conflicting entry someplace that is says "permission denied" over riding the permission "to".
0
 

Author Comment

by:Peter_Fabri
ID: 10932751
An Active Directory manual I'm reading says to set standard roaming user profiles or mandatory user profiles, you set up a template, log off as administrator, log back on as that user and set the desk top appropriately. This is what I am trying to achieve. But if Windows 2000 server policy doesn't let you log on locally and following the advice above fails to achieve the desired result, then how would you set up these profiles?

Peter
0

Join & Write a Comment

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now