dankyle67
asked on
"the local policy of this system does not permit you to logon interactively" on xp machine
Hi,
got report that one of our users tried logging into their xp machine in windows 2003 domain and got error that local policy wont permit logon interactively. Only admin works and this was ok day before. Used gpedit to look at local security policy under user rights assignment and saw that only domain admins allowed on machine and add button grayed out so cant add any other users. Most likely this was caused by a microsoft update as i have seen it before with remote desktop getting same error after an update. Temporarily put them in domain admin group and able to get in but obviously dont wanna keep this setting. Is there a way to override the local policy with domain wide policy to allow user to get into their machine? Would removing from domain then joining again work? thanks also tried system restore but didnt work so not sure now if it was an update.
got report that one of our users tried logging into their xp machine in windows 2003 domain and got error that local policy wont permit logon interactively. Only admin works and this was ok day before. Used gpedit to look at local security policy under user rights assignment and saw that only domain admins allowed on machine and add button grayed out so cant add any other users. Most likely this was caused by a microsoft update as i have seen it before with remote desktop getting same error after an update. Temporarily put them in domain admin group and able to get in but obviously dont wanna keep this setting. Is there a way to override the local policy with domain wide policy to allow user to get into their machine? Would removing from domain then joining again work? thanks also tried system restore but didnt work so not sure now if it was an update.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Sounds good, can you tell me the best way to access group policy management console in the windows 2003 domain controller so i can look at these. Is there a way to view them through active directory? I tried running gpmc.msc but got error.
gpedit.msc but you must have the Group Policy Management console installed from the Active Directory Mgmt Pack
ASKER
i can actually run gpedit.msc on the domain controller so i guess i have it installed. From there which section should i look at or how do i create a policy to allow that user to log on to their machine and thus override the local policy currently set on it which is as i mentione grayed out so i cant add them as a user. Is there a way to correct the local policy on that pc so i can correct the grayed out button to add users is my other question?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok thats a new one i havent heard of yet and looks useful so i will try later today after hours but still wanted to know about how to set up new policy or edit existing one which in other words would allow a certain user i select to be able to log on locally to any machine on the 2003 domain without being in the domain admins group so is there a way to do this? thanks
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok thanks
Run RSOP.MSC to see if the machine is applying policies, if not, what errors are being reported should be displayed there.