[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 250
  • Last Modified:

The local policy of this system does not permit you to logon interactively

Hello Gentlemen,
 I need help in this situation I had two domain controllers for testing one it's windows 2000 domain controller example.com netbios name example and second domain controller windows 2003 enterprise domain controller. test.com netbios name test
my clients windows xp service pack2.  I created a dual trust both direction in windows 2003 controller and automatic created the trust in windows 2003 domain controller, by the way windows 2000 controller it's mixed environment.
my windows xp machine logs in to windows 2000 controller with no problem but went I tried to log to windows 2003 controler as administrator or regular user I get this message. logon message (the local policy of this system does not permit you to logon interactively.  I check the local policy under domain controller policy and domain policy and gave access to login from the network to these users but I keep getting this message and I not able to login to windows 2003 controller.

Please help.
rj.
rafael@mrvcs.com
0
rafaelj_Us
Asked:
rafaelj_Us
1 Solution
 
gidds99Commented:
There is specifically a "logon locally" policy option.  I cant remember exactly where it is located within the policies but you should find it if you have a look.  The logon from the network option refers to accessing the machine from another on the LAN rather than accessing it locally.

These PAQ's may also help:

http://www.experts-exchange.com/Security/Win_Security/Q_20812967.html

http://www.experts-exchange.com/Security/Win_Security/Q_21042308.html

or

this MSKB article:

http://support.microsoft.com/?kbid=841188

Hope this helps.
0
 
maninblac1Commented:
If the computer you're trying to access is "user" level on the domain, you must be an admin to login interactively.  However, even that can be disabled.  Make sure your settings on the domain are correct.  Once that's done, make sure you gpupdate the trouble machine.

go to start, run, and type in

gpupdate

if that doesn't work try

gpupdate /force

that will ensure that the problem machine has the latest rules for the domain and its group.
0
 
rafaelj_UsAuthor Commented:
hi guys I tried all this before I posted this question and the problem was a mistake a did in my windows xp machine.

I am sorry.

My windows xp service pack2 it's a member of the windows  2000 domain controller " example" (netbios name) I was logging off and trying to login to "test" (netbios name for windows 2003 domain controller).

the mistake was I forgot to create a user on windows xp machine to login to 2003 domain controller on control panel users, add user /test/johhny.

Thank you for trying to help me I appreciate.

rj
 





Title: The local policy of this system does not permit you to logon interactively
asked by rafaelj_Us on 04/20/2006 02:52PM PDT  
This question is worth  0 Points  
 
 


please deleted question posted at http://www.experts-exchange.com/Security/Win_Security/Q_21820171.html

I answered the question myselft I forgot to add a user to in the windows xp machine for my 2003 domain controller.

control panel, user accounts, add user.  the user to login to windows 2003 domain controller.

everything works fine now.  

thank you,

maybe this help remind someone of the same mistake.

rj
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 
Keith AlabasterCommented:
Sounds totally bizarre as you do not 'need' to create local users if the Xp machine has a domain membership. Creating a local user is not going to allow domain logon either so I do not see the tie in. I would have accepted Gidds99 but this is just my view.

Regards
Keith
EE Page Editor
0
 
rafaelj_UsAuthor Commented:
Hi Keith,

I sounds bizarre but I had already tried the answer from gidds99 and the only think that fixed it was creating a domain user from windows 2003 domain controller and I was able to login.  I never had a problem with two different 2000 domain controllers forest and creating a trust I was able to login but between 2000 and 2003 domain controller there is an issue.  

But thank you for you reply it was appreciated.
rj


There is specifically a "logon locally" policy option.  I cant remember exactly where it is located within the policies but you should find it if you have a look.  The logon from the network option refers to accessing the machine from another on the LAN rather than accessing it locally.

These PAQ's may also help:

http://www.experts-exchange.com/Security/Win_Security/Q_20812967.html

http://www.experts-exchange.com/Security/Win_Security/Q_21042308.html

or

this MSKB article:

http://support.microsoft.com/?kbid=841188

Hope this helps.
0
 
GranModCommented:
Closed, 125 points refunded.
GranMod
The Experts Exchange
Community Support Moderator of all Ages
0

Featured Post

Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now