We have a system running Windows 2000 Advanced Server, SP4, clean installation. Active Directory has just been installed, a new user (Tom) has been added in 'Active Directory Users and Computers'.
When we try and logon as Tom to the server locally the following error occurs: The local policy of the system does not permit you to logon interactively. Logging on as Administrator is OK.
Have tried going into local security settings and double clicked on the setting 'log on locally' and added the new user (Tom) to the list, restarted the computer and still can't logon as 'Tom'. Also tried to create a second new user, and adding to the 'log on locally' setting, same error.
Then logged on as Administrator, went to Local Security Settings and double clicked on 'log on locally' setting. In the Local Security Policy setting the Local Policy Setting is ticked but the effective policy is unticked and cannot be ticked as it is ghosted out.
In the Local Security Settings dialogue box it states if Domain-Level Policy Settings are defined they override local policy settings. Cannot see anything in Domain Level Policy settings that would override local policy settings.
Your help is much appreciated. New to Win2000 Advanced Server, so take it slow.