Can't log on locally to my own server - GPO Issue.

Posted on 2006-04-11
Medium Priority
Last Modified: 2010-04-18
I am running a SBS 2003 server with all of the service packs installed (SP1 for Server 2003, Exchange SP1, SBS2003 SP1, etc). Everything was running fine until 2 days ago, when I went to log onto the server. Using the Admin credentials I got this at the log on:

"Local Policy of this system does not permit you to log on interactively."

This is the result attempting to use any user account, even those that are part of the Admin group (or any group for that matter).

This is the only server in the domain, so it is the stand-alone DC. Nothing was added or installed with the exception of a Microsoft Update pack that the Office Manager clicked "install" on when she was changing out the backup-tapes. The server has been re-booted 3 times since the updates/problems arose (after various attempts at a solution).

I can use Remote Desktop from inside the LAN to log onto the server using any Admin account. I also VPN in from home and have no issue logging onto the server from there. This problem only affects the local logon - IT STOPS IT.

GPOs are configured as follows:

Allow Log on Locally - Not Defined
Deny Log on Locally - Not Defined

Security Options - Interactive Logon None of 10 are Defined (All "Not Defined")

Allow Log on Locally - Not defined
Deny Log on Locally - Not Defined

Security Options - Interactive Logon None of 10 are Defined (All "Not Defined")

I had previously installed the Microsoft Windows 2003 Resource Kit so I have RUN:
ntrights -m \\computer -u user to remove -r SeDenyInteractiveLogonRight

This was to remove any local logon restrictions from the Admin account. The prompt was "success" when it finished but I still cannot log on to the server locally.

As you can imagine, being locked out of my own server is not only a problem... it is making me look like an idiot to the guys who cut my checks. Switching backup tapes will be an issue by the weekend.

Anyone got a line on this?

Again, this is a single server domain. It has 15 clients on the LAN, 5 of which are Mac OS X machines running MS Office for Mac (Entourage to connect to Exchange). I have an additional 15 users in AD who are overseas and use the Exchange and its OWA only. I am pushing it with user account licenses for SBS2003 I think (each local user has at least one alias account that is used to POP mail out of for a 2nd/3rd hosted domain) but that should not affect the server local log-on.

Like I said, "Anyone... Anyone..."

Question by:mojopojo
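
An added example, not part of the original thread: the policy editor showing "Not Defined" does not list which accounts actually hold a right on the machine, whereas `secedit /export /cfg rights.inf /areas USER_RIGHTS` writes out the assignments in effect. The Python below parses such an export and reports why a principal cannot log on locally; the sample export is constructed and the function names are this example's own.

```python
# Added example: audit local-logon rights in a secedit export.
# On the server: secedit /export /cfg rights.inf /areas USER_RIGHTS
ADMINISTRATORS = "*S-1-5-32-544"  # well-known SID of BUILTIN\Administrators

# Constructed sample export, not taken from the poster's server.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
SeInteractiveLogonRight = *S-1-5-32-551,*S-1-5-32-549
SeDenyInteractiveLogonRight =
SeRemoteInteractiveLogonRight = *S-1-5-32-544
[Version]
signature="$CHICAGO$"
Revision=1
"""

def parse_rights(inf_text):
    """Return {right: [principals]} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip()] = [p.strip() for p in value.split(",") if p.strip()]
    return rights

def check_local_logon(rights, principal=ADMINISTRATORS):
    """List reasons `principal` cannot log on at the console.

    Only direct assignments are compared; group membership is not resolved,
    so run it once per group the account belongs to.
    """
    allow = rights.get("SeInteractiveLogonRight", [])
    deny = rights.get("SeDenyInteractiveLogonRight", [])
    findings = []
    if principal in deny:  # a deny entry overrides any allow entry
        findings.append("denied: listed in SeDenyInteractiveLogonRight")
    if principal not in allow:
        findings.append("not allowed: missing from SeInteractiveLogonRight")
    return findings

if __name__ == "__main__":
    for finding in check_local_logon(parse_rights(SAMPLE_INF)):
        print(finding)
```

In the constructed sample Administrators still hold `SeRemoteInteractiveLogonRight`, so Remote Desktop works while console logon is refused.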

Author Comment

ID: 16431858
Oh yeah:

I have also tried defining the "Allow Log on Locally" policy in both interfaces with permissions for the Administrator, Administrators (Group), Domain Admins... and as a last ditch effort "Domain Users".

Still no deal.

Accepted Solution

TheCleaner earned 2000 total points
ID: 16431974

Author Comment

ID: 16432597
You could not better describe my problem if you were to have written that KB article yourself AFTER I posted the question. I drudged through the MS KB for the last 48 hours and somehow did not hit on this.

Thanks for the quick gun on this.

Unfortunately by the time I got here I was locked out of the office. I made the user/group membership changes via desktop-remote/VPN. I'll know in the morning and post the results. But I will sleep better tonight believing that this is the fix.

I'll post when I know.


Author Comment

ID: 16442085
Spot right on.

Thanks to TheCleaner.

Expert Comment

ID: 16445516
Very welcome....thanks for the points.

Question has a verified solution.
