Solved

The local policy of this system does not permit you to logon interactively

Posted on 2006-07-11
6
550 Views
Last Modified: 2010-04-13
Hi,

I have a W2K pro workstation that cannot logon with the Administrator account. It has joined a domain of an Win 2000 SBS server and no matter if I try to logon with the "Administrator" on this computer or "Administrator" account on the domain, it still gives "The local policy of this system does not permit you to logon interactively".

The W2K workstation uses FAT32 partition.  I have installed another W2K Pro O/S on the same computer in a different directory and I have tried copying the normal secedit.sdb from the new installation to the old one. And I have tried deleting the SAM file so that it would generate a new one. But the message, that I keep getting is "The local policy of this system does not permit you to logon interactively".

Is there a way that I can open the local policy file on the old installation to check what's the matter?

Thanks.

Peter
0
Comment
Question by:billyboy71
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 9

Expert Comment

by:dooleydog
ID: 17080638
Once you join the domain, you will need to use the domain administrator password. In addition, you can add most any user account to the list of users who can log on locally.

This is in Group Policy, - this link is for 2003, but it should be the same in 2000.

http://support.microsoft.com/default.aspx?scid=kb;en-us;323076

Good Luck,

0
 
LVL 26

Expert Comment

by:Pber
ID: 17081708
You need to set the policy for this user or group to logon locally.  

This can be done a few different ways:

This can be done by setting up a GPO and assigning it to the OU that the computer belongs to.

It can also be done by loading the local computer policy on the w2kpro machine if you can logon locally.
... or remotely by typing:

Gpedit.msc /gpcomputer:<machine name>

Unlimately whichever way you apply the policy, configuring it is the same in all cases ablve... Navigate to:
Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignments

In the field "Log On Locally", Grant the users/group you want to logon locally.
Reboot workstation and logon.
0
 

Author Comment

by:billyboy71
ID: 17083013
What is an OU?

I tried to using the Domain Controller to access the computer "test1".  It works, when I type gpedit.msc /gpcomputer: test1, but when I try to go the path that you talk about , it does not work.

I can get as far as Security Settings and when I am there I only see "IPsecuritypolicy on \\test1" .

Any other suggestions?

Thanks.
0
 

Author Comment

by:billyboy71
ID: 17096994
I found out the problem.  It turns out that my server, the Domain Controller had a setting under  "Logon Locally" in the the "Domain Security Policy". The setting was only for one particular user and the Administrators group was not added in there. There were 2 ways to solve the problem

1. Add the Administrators group to "Logon Locally"

2. Set "Logon Locally" to undefined.

Thanks for the suggestions. It helped me lead up to the resolution.

Peter
0
 

Accepted Solution

by:
ee_ai_construct earned 0 total points
ID: 17306407
PAQ / Refund
ee ai construct, community support moderator
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
When the s#!t hits the fan, you don’t have time to look up who’s on call, draft emails, call collaborators, or send text messages. An instant chat window is definitely the way to go, especially one like HipChat. HipChat is a true business app. An…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question