Solved

the local policy of this system does not allow you to log on interactively :Server Standard 2003

Posted on 2010-09-02
7
407 Views
Last Modified: 2013-12-04
I am having an issue where any new user I create on Server Standard 2003 gets the error "the local policy of this system does not allow you to log on interactively" when they try to logon locally.

I compared group memberships with accounts that work correctly and they are the same. I verified that the default domain policy has the logon locally setting as not defined. However even when I do define it for "everyone" they still cannot logon.

The only workaround for this seems to be if I add the user as a domain admin.
0
Comment
Question by:Nathaniel_ScrivNET
7 Comments
 
LVL 14

Expert Comment

by:Wonko_the_Sane
ID: 33590693
Just to clarify: Logon locally = they are stting in front of the server? Or are they using RDP to connect?
0
 
LVL 7

Expert Comment

by:jamie_gillespie
ID: 33590721
Go to computer management on the Server and add the user into the appropriate local groups manually.

If you need further help with this let me know.
0
 
LVL 3

Expert Comment

by:sbo2002
ID: 33590746
Are these Terminal Services sessions? Have you verified that the users are members of the Remote Desktop Users security group on the server in question? Also verify that the Remote Desktop Users group has the "Allow Logon through Terminal Services" right.

Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 

Author Comment

by:Nathaniel_ScrivNET
ID: 33596294
@Jaime
This is a domain. The accounts in question are domain accounts. They cannot logon to their domain profile at their machine.

@sbo2002
No these are local logins to domain profiles. .

@Wonko_the_Sane
They are at their workstation.


I have accounts that are already established that work fine. This is happening with any new accounts I create.
0
 
LVL 3

Expert Comment

by:Tommy_Cooper
ID: 33597037
Check your GPO for allowing local logon:
Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Allow logon locally

Or maybe you have set:
Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Deny logon locally

Check GPOs and local security policy on the workstations.
0
 

Expert Comment

by:Techguy23
ID: 33598305
Depending on your security policies you can make them a local administrator of their own machines which should give them the appropriate permissions to log on and manage their pc.
0
 

Accepted Solution

by:
Nathaniel_ScrivNET earned 0 total points
ID: 33658691
I figured it out, my employee gave me the wrong information. Thank you for your help/
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolve DNS query failed errors for Exchange
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now