The local policy of this system does not permit you to logon locally
Cannot get past this message. "The local policy of this system does not permit you to log on locally"
We have a Windows 2003 Server 64 bit domain controller, an XP Professional 32 bit workstation with all Windows updates completed, all firewall rules are set, have tried everything on experts exchange, Microsoft sites and nothing works, any other ideas?
We have a Windows 2003 Server 64 bit domain controller, an XP Professional 32 bit workstation with all Windows updates completed, all firewall rules are set, have tried everything on experts exchange, Microsoft sites and nothing works, any other ideas?
DanielWillmott
Are you trying to RDP from the workstation into the domain controller? If that is the case, check the 'Remote Desktop Users' group on the domain controller. You user account (or a group it belongs to) needs to be there.
I guess my previous response would not fix a local logon issue. Can you explain which system you are logging into, how, and shat groups the user is in?
ASKER
Sure, here is the environment.
I have a Windows XP Professional SP3 machine I would like to direct RDP 3389 traffic too. I would like them to log on as a specific user. In the domain controller under the group policy settings I have set permissions up indicating that this "user" can do about anything on the domain, just to see if I can get it to work. No matter what permissions they have, then cannot RDP into the Windows XP Professional machine.
The error they get is The local policy of this system does not permit you to log on locally". It appears that the domain is not propogatting any permissions to this workstation.
I have tried using gpupdate commands and using 3rd party tools to force the propogation, rebooted the workstation and everything and it still does not appear to be receiving the group policy changes.
I could block group policy inheritance, but I just don't know the easiest way to address it.
Thank you in advance,
Shawn
I have a Windows XP Professional SP3 machine I would like to direct RDP 3389 traffic too. I would like them to log on as a specific user. In the domain controller under the group policy settings I have set permissions up indicating that this "user" can do about anything on the domain, just to see if I can get it to work. No matter what permissions they have, then cannot RDP into the Windows XP Professional machine.
The error they get is The local policy of this system does not permit you to log on locally". It appears that the domain is not propogatting any permissions to this workstation.
I have tried using gpupdate commands and using 3rd party tools to force the propogation, rebooted the workstation and everything and it still does not appear to be receiving the group policy changes.
I could block group policy inheritance, but I just don't know the easiest way to address it.
Thank you in advance,
Shawn
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Problem is solved, I had tried omangmehta99's responses before and was going to try those next, however, the answer was not was either posted, but both led to development of the answer.
The answer was that the workstation had not properly joined the domain correctly. When researching the last 2 suggestions, I attempted to manually add the groups to the domain accounts, but the domain accounts were not listed. I unjoined the domain, re-joined the workstation to the domain and long behold....the accounts and now allowing access. Thank you Daniel and Omangmehta99 for your assistance, it's greatly appreciated!!
The answer was that the workstation had not properly joined the domain correctly. When researching the last 2 suggestions, I attempted to manually add the groups to the domain accounts, but the domain accounts were not listed. I unjoined the domain, re-joined the workstation to the domain and long behold....the accounts and now allowing access. Thank you Daniel and Omangmehta99 for your assistance, it's greatly appreciated!!