the local policy of this system does not allow you to log on interactively :Server Standard 2003

I am having an issue where any new user I create on Server Standard 2003 gets the error "the local policy of this system does not allow you to log on interactively" when they try to logon locally.

I compared group memberships with accounts that work correctly and they are the same. I verified that the default domain policy has the logon locally setting as not defined. However even when I do define it for "everyone" they still cannot logon.

The only workaround for this seems to be if I add the user as a domain admin.
Nathaniel_ScrivNETAsked:
Who is Participating?
 
Nathaniel_ScrivNETConnect With a Mentor Author Commented:
I figured it out, my employee gave me the wrong information. Thank you for your help/
0
 
Wonko_the_SaneCommented:
Just to clarify: Logon locally = they are stting in front of the server? Or are they using RDP to connect?
0
 
Jamie GillespieSenior IT ConsultantCommented:
Go to computer management on the Server and add the user into the appropriate local groups manually.

If you need further help with this let me know.
0
Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

 
sbo2002Commented:
Are these Terminal Services sessions? Have you verified that the users are members of the Remote Desktop Users security group on the server in question? Also verify that the Remote Desktop Users group has the "Allow Logon through Terminal Services" right.

Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment
0
 
Nathaniel_ScrivNETAuthor Commented:
@Jaime
This is a domain. The accounts in question are domain accounts. They cannot logon to their domain profile at their machine.

@sbo2002
No these are local logins to domain profiles. .

@Wonko_the_Sane
They are at their workstation.


I have accounts that are already established that work fine. This is happening with any new accounts I create.
0
 
Tommy_CooperCommented:
Check your GPO for allowing local logon:
Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Allow logon locally

Or maybe you have set:
Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Deny logon locally

Check GPOs and local security policy on the workstations.
0
 
Techguy23Commented:
Depending on your security policies you can make them a local administrator of their own machines which should give them the appropriate permissions to log on and manage their pc.
0
All Courses

From novice to tech pro — start learning today.