Here is what I have going on.
We have a Windows Server 2003 PDC, and a Windows 2000 server acting as a terminal server.
We have multiple remote offices that connect over a VPN back to our main office. This VPN is managed with Sonicwall devices.
The problem is this:
With certain users, we cannot login to the domain unless we had them to the "domain admin" group.
I've checked the security policy on the PC's in question to make sure deny logon locally is not checked, as well as added those users to the "allow logon locally" section of the policy. However, we still get a "The local policy of this computer does not permit you to logon locally.
I've checked and double checked the GP settings on the PDC and nothing is enabled that would deny someone from logging on locally to their PC's. Same thing goes for the remote PC's that I've logged into and checked the settings on there.
I've done several restarts on the PC's, and several gpupdate /force .
From what I've seen, this error generally pertains to when a user is attempting to logon to a terminal server, but that is not the case for us. These are users attempting to logon to their workstation using their username / pass. Not logon to a terminal server.
I created a test account in the AD, but had the same issue, unless I added him to the domain admin group.
Any insight is appreciated.