• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 564
  • Last Modified:

The local policy of this system does not permit you to logon interactively

Hi,

I have a W2K pro workstation that cannot logon with the Administrator account. It has joined a domain of an Win 2000 SBS server and no matter if I try to logon with the "Administrator" on this computer or "Administrator" account on the domain, it still gives "The local policy of this system does not permit you to logon interactively".

The W2K workstation uses FAT32 partition.  I have installed another W2K Pro O/S on the same computer in a different directory and I have tried copying the normal secedit.sdb from the new installation to the old one. And I have tried deleting the SAM file so that it would generate a new one. But the message, that I keep getting is "The local policy of this system does not permit you to logon interactively".

Is there a way that I can open the local policy file on the old installation to check what's the matter?

Thanks.

Peter
0
billyboy71
Asked:
billyboy71
1 Solution
 
dooleydogCommented:
Once you join the domain, you will need to use the domain administrator password. In addition, you can add most any user account to the list of users who can log on locally.

This is in Group Policy, - this link is for 2003, but it should be the same in 2000.

http://support.microsoft.com/default.aspx?scid=kb;en-us;323076

Good Luck,

0
 
PberSolutions ArchitectCommented:
You need to set the policy for this user or group to logon locally.  

This can be done a few different ways:

This can be done by setting up a GPO and assigning it to the OU that the computer belongs to.

It can also be done by loading the local computer policy on the w2kpro machine if you can logon locally.
... or remotely by typing:

Gpedit.msc /gpcomputer:<machine name>

Unlimately whichever way you apply the policy, configuring it is the same in all cases ablve... Navigate to:
Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignments

In the field "Log On Locally", Grant the users/group you want to logon locally.
Reboot workstation and logon.
0
 
billyboy71Author Commented:
What is an OU?

I tried to using the Domain Controller to access the computer "test1".  It works, when I type gpedit.msc /gpcomputer: test1, but when I try to go the path that you talk about , it does not work.

I can get as far as Security Settings and when I am there I only see "IPsecuritypolicy on \\test1" .

Any other suggestions?

Thanks.
0
 
billyboy71Author Commented:
I found out the problem.  It turns out that my server, the Domain Controller had a setting under  "Logon Locally" in the the "Domain Security Policy". The setting was only for one particular user and the Administrators group was not added in there. There were 2 ways to solve the problem

1. Add the Administrators group to "Logon Locally"

2. Set "Logon Locally" to undefined.

Thanks for the suggestions. It helped me lead up to the resolution.

Peter
0
 
ee_ai_constructCommented:
PAQ / Refund
ee ai construct, community support moderator
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now