• Status: Solved
  • Priority: Medium
  • Security: Public

The local policy of this system does not permit you to logon locally

Cannot get past this message.  "The local policy of this system does not permit you to log on locally"

We have a Windows 2003 Server 64-bit domain controller and an XP Professional 32-bit workstation with all Windows updates completed. All firewall rules are set. We have tried everything on Experts Exchange and Microsoft sites and nothing works. Any other ideas?
Are you trying to RDP from the workstation into the domain controller? If that is the case, check the 'Remote Desktop Users' group on the domain controller. Your user account (or a group it belongs to) needs to be there.
I guess my previous response would not fix a local logon issue. Can you explain which system you are logging into, how, and what groups the user is in?
mortensencs (Author) commented:
Sure, here is the environment.
I have a Windows XP Professional SP3 machine I would like to direct RDP 3389 traffic to.  I would like them to log on as a specific user.  In the domain controller under the group policy settings I have set permissions up indicating that this "user" can do about anything on the domain, just to see if I can get it to work.  No matter what permissions they have, they cannot RDP into the Windows XP Professional machine.

The error they get is "The local policy of this system does not permit you to log on locally".  It appears that the domain is not propagating any permissions to this workstation.

I have tried using gpupdate commands and using 3rd party tools to force the propagation, rebooted the workstation and everything and it still does not appear to be receiving the group policy changes.

I could block group policy inheritance, but I just don't know the easiest way to address it.

Thank you in advance,

Is that user part of the 'Remote Desktop Users' group on the XP system?
Hi mortensencs,
Verify!!
Are you able to get the remote screen? Logon Locally User Right

1. Go to Start, Settings, Control Panel, Administrative Settings.
2. Double-click Domain Controller Security Policy.
3. Go to Security Settings, Local Policies, User Rights.
4. Double-click Logon Locally on the right pane.
5. Click Add, Browse, and double-click the user or group you want to add.
6. Click OK all the way out.
7. Reboot your computer, or even better, use SECEDIT:

secedit /refreshpolicy machine_policy /enforce

By the way, in Windows Server 2003 the same user right is called "Allow Logon Locally", and to refresh the policy you need to run a different command:

gpupdate /force
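
An added example, not part of the original answer: after refreshing policy, one way to confirm which logon rights actually reached the machine is to export them with `secedit /export /cfg rights.inf /areas USER_RIGHTS` and evaluate the `[Privilege Rights]` section. The sample export and the domain SID below are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample of a secedit user-rights export. A real file is UTF-16:
#   open("rights.inf", encoding="utf-16").read()
# S-1-5-32-544 = Administrators, -551 = Backup Operators, -555 = Remote Desktop Users
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-551
SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555
SeDenyInteractiveLogonRight = *S-1-5-21-1111111111-2222222222-3333333333-1105
[Version]
signature="$CHICAGO$"
"""

def parse_rights(inf_text):
    """Return {right_name: set(principals)} from the [Privilege Rights] section."""
    rights, section = {}, None
    for line in inf_text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1)
        elif section == "Privilege Rights" and "=" in line:
            name, _, value = line.partition("=")
            # SIDs are written with a leading '*'; unresolved entries may be plain names
            rights[name.strip()] = {p.strip().lstrip("*")
                                    for p in value.split(",") if p.strip()}
    return rights

def can_log_on(rights, principals, remote=False):
    """principals: the user's SID plus the SID of every group the user belongs to.

    remote=False checks "Log on locally" (SeInteractiveLogonRight);
    remote=True checks the Terminal Services / RDP right.
    """
    allow = "SeRemoteInteractiveLogonRight" if remote else "SeInteractiveLogonRight"
    deny = "SeDenyRemoteInteractiveLogonRight" if remote else "SeDenyInteractiveLogonRight"
    principals = set(principals)
    if rights.get(deny, set()) & principals:
        return False  # an explicit deny overrides any allow
    return bool(rights.get(allow, set()) & principals)

if __name__ == "__main__":
    r = parse_rights(SAMPLE_INF)
    print("RDP users, console:", can_log_on(r, ["S-1-5-32-555"]))
    print("RDP users, remote: ", can_log_on(r, ["S-1-5-32-555"], remote=True))
```

If the export on the workstation lists no domain SIDs where the GPO should have placed them, the policy is not being applied to that machine.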



mortensencs (Author) commented:
Problem is solved.  I had tried omangmehta99's responses before and was going to try those next; however, the answer was not what either posted, but both led to the development of the answer.

The answer was that the workstation had not properly joined the domain correctly.  When researching the last 2 suggestions, I attempted to manually add the groups to the domain accounts, but the domain accounts were not listed.  I unjoined the domain, re-joined the workstation to the domain and lo and behold....the accounts are now allowing access.  Thank you Daniel and Omangmehta99 for your assistance, it's greatly appreciated!!
