The local policy of this system does not permit you to logon locally

Cannot get past this message.  "The local policy of this system does not permit you to log on locally"

We have a Windows 2003 Server 64 bit domain controller, an XP Professional 32 bit workstation with all Windows updates completed, all firewall rules are set, have tried everything on experts exchange, Microsoft sites and nothing works, any other ideas?
Who is Participating?
DanielWillmottConnect With a Mentor Commented:
Is that user part of the 'Remote Desktop Users' group on the XP system?
Are you trying to RDP from the workstation into the domain controller? If that is the case, check the 'Remote Desktop Users' group on the domain controller. You user account (or a group it belongs to) needs to be there.
I guess my previous response would not fix a local logon issue. Can you explain which system you are logging into, how, and shat groups the user is in?
Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

mortensencsCEOAuthor Commented:
Sure, here is the environment.
I have a Windows XP Professional SP3 machine I would like to direct RDP 3389 traffic too.  I would like them to log on as a specific user.  In the domain controller under the group policy settings I have set permissions up indicating that this "user" can do about anything on the domain, just to see if I can get it to work.  No matter what permissions they have, then cannot RDP into the Windows XP Professional machine.  

The error they get is The local policy of this system does not permit you to log on locally".  It appears that the domain is not propogatting any permissions to this workstation.

I have tried using gpupdate commands and using 3rd party tools to force the propogation, rebooted the workstation and everything and it still does not appear to be receiving the group policy changes.

I could block group policy inheritance, but I just don't know the easiest way to address it.

Thank you in advance,

omangmehta99Connect With a Mentor Commented:
Hi mortensencs,
Verify !!
have you able to get remote screen, Logon Locally User Right

1.Go to Start, Settings, Control Panel, Administrative Settings.
2.Double-click Domain Controller Security Policy.
3.Go to Security Settings, Local Policies, User Rights.
4.Double-click Logon Locally on the right pane.
5.Click Add, Browse, and double click the user or group you want to add.
6.Click Ok all the way out.
7.Reboot your computer, or even better, use SECEDIT:

secedit /refreshpolicy machine_policy /enforce

By the way, in Windows Server 2003 the same user right is called "Allow Logon Locally", and to refresh the policy you need to run a different command:

gpupdate /force



mortensencsCEOAuthor Commented:
Problem is solved,  I had tried omangmehta99's responses before and was going to try those next, however, the answer was not was either posted, but both led to development of the answer.

The answer was that the workstation had not properly joined the domain correctly.  When researching the last 2 suggestions, I attempted to manually add the groups to the domain accounts, but the domain accounts were not listed.  I unjoined the domain, re-joined the workstation to the domain and long behold....the accounts and now allowing access.  Thank you Daniel and Omangmehta99 for your assistance, it's greatly appreciated!!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.