Unable to log into Win2K, local users prohibited, deleted from dom

Guest

Using Windows 2000 Server and Windows 2000 Professional client.

We have a network where the servers are part of a domain but the client PCs
are not. The users use applications through a Citrix server.

I had a need to map a network drive and the quickest way to do it was to
join the client PC to the domain. Copied over the files, then deleted the
computer object through the Users and Computers AD app. After that, I could
not access the client PC. Attempting to log into the local machine results
in an error to the effect of "The local policy of this system does not allow
you to logon interactively". And, after deleting the object, a user cannot
log into the domain. The PC is inaccessible.

It appears that a vendor had set a group policy to disallow local logins to
domain members except to specific users (who never had access to this client).

Last Known Configuration did not solve the problem.

So, how can I do one of two things: either A.) alter the local policy on
the client without being able to access it, or B.) rejoin the PC to the
domain so I can apply a Group Policy? Deleting or changing the SID?

No user is currently able to log in to the PC, so anything with a registry
key, or somehow capturing it with the domain controller?

Thanks!
 
Chriss3 [MVP]

Starting the computer in safe mode and editing the local policy should work.

--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services

No email replies please - reply in the newsgroup
 
Guest

Thanks Christoffer, I had already tried starting up in Safe mode (without
networking) and still could not log in. Safe mode ran, and I got the login
box with both the domain and the local machine, local accounts gave the error
they couldn't log in interactively.

I can try it in Safe mode with networking, but I wouldn't think that would
make a difference with the local accounts.

I somehow have to be able to get into this machine to modify the local policy!

Thanks again!
Aaron
 
Chriss3 [MVP]

You have to logon as the built-in administrator during safe mode, since it
can't be disabled in safe mode. Other accounts are still disabled or
prevented in safe mode.

--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services

No email replies please - reply in the newsgroup
 
Guest

I've started up in Safe Mode, Safe Mode with Networking, and Safe Mode with
Command Prompt. Attempted to logon as "Administrator". All three methods
result in the same error - The local policy of this system does not permit
you to logon interactively. Is there a deeper-level Administrator account?
 
Chriss3 [MVP]

Are you sure you are logging in locally? If so, I have never seen such an
issue before.
If the workstation is critical, you may try running a repair of Windows.

--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services

No email replies please - reply in the newsgroup
 
Guest

We were trying to log in locally.

We ended up replacing the security hive in the Windows directory with the
one from the Repair directory. Problem solved.
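
A pre-check for the lockout described in this thread, as an added example that is not part of the original posts: it reads a security template exported with `secedit /export /cfg` and reports whether the built-in Administrators group still holds the log on locally right. The sample templates and the domain SID are constructed, and treating Administrators as the recovery principal is an assumption.

```python
import configparser

# Built-in Administrators as secedit writes it: "*SID" form or resolved name.
ADMINS = {"*s-1-5-32-544", "administrators"}

# Constructed templates in the layout `secedit /export /cfg` produces
# (real exports are UTF-16 files; decode before passing the text in).
# The domain SID is made up.
LOCKED = """[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0
SeInteractiveLogonRight = *S-1-5-21-1111111111-2222222222-3333333333-1105
SeDenyInteractiveLogonRight =
"""
SAFE = """[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545
SeDenyInteractiveLogonRight = Guest
"""


def privilege_rights(inf_text):
    """Return {right: [principals]} from the [Privilege Rights] section."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None,
                                   strict=False)
    cp.optionxform = str  # keep the right names' case
    cp.read_string(inf_text)
    if not cp.has_section("Privilege Rights"):
        return {}
    return {right: [p.strip() for p in value.split(",") if p.strip()]
            for right, value in cp["Privilege Rights"].items()}


def lockout_findings(inf_text):
    """List the reasons a local administrator could not log on at the console."""
    rights = privilege_rights(inf_text)
    allow = {p.lower() for p in rights.get("SeInteractiveLogonRight", [])}
    deny = {p.lower() for p in rights.get("SeDenyInteractiveLogonRight", [])}
    findings = []
    if not allow & ADMINS:
        findings.append("Administrators not granted SeInteractiveLogonRight")
    if deny & ADMINS:
        findings.append("Administrators listed in SeDenyInteractiveLogonRight")
    return findings


if __name__ == "__main__":
    for name, text in (("LOCKED", LOCKED), ("SAFE", SAFE)):
        print(name, lockout_findings(text) or "ok")
```

Running it against an export taken while the machine is still joined shows whether a domain policy has left only domain accounts with console logon before the computer object is removed.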
 
