Domain Users receive "local Policy of this system does not allow you to log on Interactively"

Posted on 2006-03-31
Medium Priority
Last Modified: 2010-04-11
Good evening everyone,

I've been working on group policies and somewhere I've messed up.
First I want to say that I've read through a few pages of current topics but nothing has helped so far.

What I've got is this:
domain.com with the following OUs.  General Users, Information Systems, and Restricted Internet Access.  I've moved the majority of the users to General Users and given it a gpo named general users.  Same type thing for the IS OU and the Restricted Internet Access OU.  

I moved the users to the general users OU this morning.  Well sometime after lunch, some people tried to log back in [on a domain PC-not the domain controller] and received the above error.  If I add them to Domain Admins [which I did due to the nature of our work but of course I don't want to keep them as such]

I've looked at the deny logon locally and the allow logon in the Default Domain Controllers policy and they looked fine.  [Well domain users was not in the allow-I added it-and only one thing was in the deny {domain.SUPPORT_388945a0}

I'm sure I've left some fital info out so please ask questions...  Also I know very little about policies so please bear with me.

Question by:mbarnesseo
  • 2

Author Comment

ID: 16346368
Well thanks to the powers that be and my own stupidity I think it is fixed.  I would like to keep this open for the same amount of points.  I think - think I say- that I shouild of ran the secedit /refreshpolicy machine_policy /enforce.  [Doesn't changes in domain controller policy take awhile to trickle down?]

Bonus question:

I've been trying to use GPOs to limit internet access.  I've read a lot of the posts about the subject and decided the cheapest and easiest course of action for what I want is to use the 'fake' proxy server.  However, I do want them to get to a few sites that they use for work.  Unfortunately it seems that the exception list is limited to the number of characters or entries.  Is there a way to increase that or have the GPO look at a text file?

I know... using an actual proxy server would be the best way... but this company will not spring for one.

thanks again

LVL 85

Accepted Solution

oBdA earned 900 total points
ID: 16349874
You could use a Proxy Auto Configuration (pac) script, which would return "direct" for any allowed site, and a fake proxy for everything else.
Navigator Proxy Auto-Config File Format

Maybe of interest, here's a site that offers a pac script that prevents downloads from ad servers:
Bust Banner Ads with Proxy Auto Configuration

Assisted Solution

Jeb911 earned 600 total points
ID: 16352660

Author Comment

ID: 16392266
Anyone else have any suggestions?  I want to reward points on Monday...



Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
Last month Marc Laliberte, WatchGuard’s Senior Threat Analyst, contributed reviewed the three major email authentication anti-phishing technology standards: SPF, DKIM, and DMARC. Learn more in part 2 of the series originally posted in Cyber Defense …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question