[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 472
  • Last Modified:

the local policy of this system does not allow you to log on interactively :Server Standard 2003

I am having an issue where any new user I create on Server Standard 2003 gets the error "the local policy of this system does not allow you to log on interactively" when they try to logon locally.

I compared group memberships with accounts that work correctly and they are the same. I verified that the default domain policy has the logon locally setting as not defined. However even when I do define it for "everyone" they still cannot logon.

The only workaround for this seems to be if I add the user as a domain admin.
0
Nathaniel_ScrivNET
Asked:
Nathaniel_ScrivNET
1 Solution
 
Wonko_the_SaneCommented:
Just to clarify: Logon locally = they are stting in front of the server? Or are they using RDP to connect?
0
 
Jamie GillespieSenior IT ConsultantCommented:
Go to computer management on the Server and add the user into the appropriate local groups manually.

If you need further help with this let me know.
0
 
sbo2002Commented:
Are these Terminal Services sessions? Have you verified that the users are members of the Remote Desktop Users security group on the server in question? Also verify that the Remote Desktop Users group has the "Allow Logon through Terminal Services" right.

Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
Nathaniel_ScrivNETAuthor Commented:
@Jaime
This is a domain. The accounts in question are domain accounts. They cannot logon to their domain profile at their machine.

@sbo2002
No these are local logins to domain profiles. .

@Wonko_the_Sane
They are at their workstation.


I have accounts that are already established that work fine. This is happening with any new accounts I create.
0
 
Tommy_CooperCommented:
Check your GPO for allowing local logon:
Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Allow logon locally

Or maybe you have set:
Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Deny logon locally

Check GPOs and local security policy on the workstations.
0
 
Techguy23Commented:
Depending on your security policies you can make them a local administrator of their own machines which should give them the appropriate permissions to log on and manage their pc.
0
 
Nathaniel_ScrivNETAuthor Commented:
I figured it out, my employee gave me the wrong information. Thank you for your help/
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now