the local policy of this system does not permit you to logon interactively

Today, our users started receiving the error message “the local policy of this system does not permit you to logon interactively” while trying to login on the domain from their computers.

In AD Default Domain Policy, we have “Allow Logon Locally” under Local Policies/User Rights Assignments enabled for “Everyone” group.

If a user is promoted to administrator, they can login, but not is they are users.
Who is Participating?
AwinishConnect With a Mentor Commented:
First,no modification is recommended on default domain & default domain controller policy.

If its desktop like XP machine,you don't require explicit right esp GPO for log on locally but for RDP & server, yes you require to give them explicit permission through GPO. 

Check what went wrong on the client machine,logs & even viewer,any changes done on GPO to restrict log on locally.
Check  the Deny log on locally policy.  It would override!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.