Local Policy does not permit you to log on interactively

luciliacoelho
luciliacoelho used Ask the Experts™
on
I need to enable the users of a domain managed through a Windows 2008 Server R2 to log on locally on the domain controller.
I have tried to use the local Policy interface to change this but i can't find the parameter to change
Can someone give a help with this.
Kind regards
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Try this
http://www.techrepublic.com/article/solution-to-local-policy-does-not-permit-you-to-log-on-interactively/5313668

Solution to 'Local policy does not permit you to log on interactively'
16Comments.more +EmailPrintAdd to FavoritesDel.icio.usDiggHacker NewsLinkedInRedditTechnorati..By Jason "Hiner MCSE, CCNA"
August 20, 2004, 7:00am PDT
Problem
A user tries to log on to a Windows machine and receives theerror message "The local policy of this system does not permit you tolog on interactively." This can happen in a number of scenarios, and the way to resolve the issue depends on the cause of the problem.

Solution A
If the Local Security Policy is set to disallow local logonsto Everyone, then the error message will pop up for any user who triesto log on, including an administrator. This can be fixed in a couple of ways:

1.You can use the resource kit tool, Ntrights.exe, to change the local logon rights. For example, you could run this command: ntrights -m \\ProblemComputer -u Administrator +r SeInteractiveLogonRight.
2.You can open a command prompt from another computer on the same network, issue the command Net use x: \\ProblemComputer\C$ <Password> /u:Administrator, and then change to the directory %SystemRoot%\Security\Database. Rename Secedit.sdb to Secedit.old_sdb and copy a working version of a Secedit.sdb file from another computer running the same operating system (for example, Windows 2000 Professional).
Solution B
In Active Directory, if a Group Policy is setto Deny Logon Locally, users will encounter this error. In order tomitigate the problem, an administrator will need to change the policy, asexplained in this tip.

Solution C
If this error message pops up while a user is trying toconnect via Remote Desktop or a Terminal Services connection, the administratorwill need to take a different set of actions. For a Remote Desktop connection, Microsoft Knowledge BaseArticle 289289 explains how to overcome this error.

For Terminal Services clients,this error message could be caused by Terminal Services being installed on adomain controller; thistip explains what needs to be done in that case. For Windows NT Server 4.0 TerminalServer Edition, there could be a different problem, and Microsoft Knowledge BaseArticle 186529 shows what can be done to resolve the issue.
.
You will need to change the Default Domain Controllers GPO.

Computer Configuration\Windows Settings\Security Settings\User Rights Assignment\Log on Locally

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial