Solved

the local policy of this system does not allow you to log on interactively :Server Standard 2003

Posted on 2010-09-02
7
438 Views
Last Modified: 2013-12-04
I am having an issue where any new user I create on Server Standard 2003 gets the error "the local policy of this system does not allow you to log on interactively" when they try to logon locally.

I compared group memberships with accounts that work correctly and they are the same. I verified that the default domain policy has the logon locally setting as not defined. However even when I do define it for "everyone" they still cannot logon.

The only workaround for this seems to be if I add the user as a domain admin.
0
Comment
Question by:Nathaniel_ScrivNET
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 14

Expert Comment

by:Wonko_the_Sane
ID: 33590693
Just to clarify: Logon locally = they are stting in front of the server? Or are they using RDP to connect?
0
 
LVL 7

Expert Comment

by:jamie_gillespie
ID: 33590721
Go to computer management on the Server and add the user into the appropriate local groups manually.

If you need further help with this let me know.
0
 
LVL 3

Expert Comment

by:sbo2002
ID: 33590746
Are these Terminal Services sessions? Have you verified that the users are members of the Remote Desktop Users security group on the server in question? Also verify that the Remote Desktop Users group has the "Allow Logon through Terminal Services" right.

Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:Nathaniel_ScrivNET
ID: 33596294
@Jaime
This is a domain. The accounts in question are domain accounts. They cannot logon to their domain profile at their machine.

@sbo2002
No these are local logins to domain profiles. .

@Wonko_the_Sane
They are at their workstation.


I have accounts that are already established that work fine. This is happening with any new accounts I create.
0
 
LVL 3

Expert Comment

by:Tommy_Cooper
ID: 33597037
Check your GPO for allowing local logon:
Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Allow logon locally

Or maybe you have set:
Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Deny logon locally

Check GPOs and local security policy on the workstations.
0
 

Expert Comment

by:Techguy23
ID: 33598305
Depending on your security policies you can make them a local administrator of their own machines which should give them the appropriate permissions to log on and manage their pc.
0
 

Accepted Solution

by:
Nathaniel_ScrivNET earned 0 total points
ID: 33658691
I figured it out, my employee gave me the wrong information. Thank you for your help/
0

Featured Post

Secure Your Active Directory - April 20, 2017

Active Directory plays a critical role in your company’s IT infrastructure and keeping it secure in today’s hacker-infested world is a must.
Microsoft published 300+ pages of guidance, but who has the time, money, and resources to implement? Register now to find an easier way.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question