Cannot login interactively...?

Noctaire

I have a Win2K3 server set up as a domain controller. Clients are running
Windows XP, fully patched.

I installed a brand spanking new box, joined it to the domain and gave a
user access to the system through the local system's "Add User" interface.
When I try to log that user in, I am told that the local policy does not
allow me to login interactively.

I've looked through the local policy but I do not see anywhere that
allows/disallows domain user logins.

HELP!
 
Doug Sherman [MVP]

Well, you cannot create a domain user with the "local system's "Add User"
interface." Are you trying to log onto the domain or the local machine?

Doug Sherman
MCSE, MCSA, MCP+I, MVP
 
Noctaire

> Well, you cannot create a domain user with the "local system's "Add User"
> interface." Are you trying to log onto the domain or the local machine?

I didn't create the domain user on the local system; I used that to give the
user permission to access the system.

The user was created on the domain server. I am trying to log into the
domain (selected from the pulldown) on the XP box.

James
 
Doug Sherman [MVP]

OK, although I'm not sure what you did on the local system to give this
domain user access. By default an XP Pro machine gives the Local Users
group the Allow logon locally right in User rights assignment. When such a
machine joins an Active Directory domain then by default the Domain Users
group is added to the local Users group. So I'd start by checking those
settings to see if they are different - also check the Deny local logon
right.

Doug Sherman
MCSE, MCSA, MCP+I, MVP

The Domain Users group is added to the Local Users group.
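
The check suggested in the post above (compare the allow and deny logon rights against the account's group memberships), as an added example that is not part of the original thread. It assumes the user rights were exported with `secedit /export /cfg rights.inf /areas USER_RIGHTS`; the template text, the domain SID and the account names `alice` and `SupportAcct` are constructed sample values.

```python
# Constructed sample of a `secedit /export /areas USER_RIGHTS` template
# (real exports are UTF-16 files); not taken from the poster's machine.
SAMPLE_INF = """\
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551
SeDenyInteractiveLogonRight = Guest,SupportAcct
"""
USERS = "S-1-5-32-545"  # well-known SID of the local Users group
DOMAIN_USERS = "S-1-5-21-1111111111-2222222222-3333333333-513"  # constructed

def parse_rights(inf_text):
    """Return {right_name: set(principals)} from [Privilege Rights]."""
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "privilege rights" and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip()] = {p.strip().lstrip("*").lower()
                                    for p in value.split(",") if p.strip()}
    return rights

def expand(identities, local_groups):
    """Add every local group reached through (nested) membership."""
    held = {i.lower() for i in identities}
    grew = True
    while grew:
        grew = False
        for group, members in local_groups.items():
            if group.lower() not in held and held & {m.lower() for m in members}:
                held.add(group.lower())
                grew = True
    return held

def interactive_logon(identities, local_groups, rights):
    """Deny is checked first because it overrides any Allow entry."""
    held = expand(identities, local_groups)
    if held & rights.get("SeDenyInteractiveLogonRight", set()):
        return "denied: listed under Deny log on locally"
    if held & rights.get("SeInteractiveLogonRight", set()):
        return "allowed"
    return "denied: no Allow log on locally entry matches"

if __name__ == "__main__":
    rights = parse_rights(SAMPLE_INF)
    joined = {USERS: {DOMAIN_USERS}}  # Domain Users nested in local Users
    print(interactive_logon({"alice", DOMAIN_USERS}, joined, rights))
```

With Domain Users nested in the local Users group the sample account is allowed; if that nesting is missing, the same account matches no allow entry and is refused.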
 
Noctaire

> OK, although I'm not sure what you did on the local system to give this
> domain user access.

I initially tried logging in, received the error I mentioned, so I figured I
would just create a local account for the time being for the user. The
system would not allow it though; the add user function instead added the
user to those allowed to logon to the system (or so it said).

> By default an XP Pro machine gives the Local Users
> group the Allow logon locally right in User rights assignment.

The local groups all have access to logon locally as listed in the local
policy editor.

> When such a
> machine joins an Active Directory domain then by default the Domain Users
> group is added to the local Users group.

It's in there.

> So I'd start by checking those
> settings to see if they are different - also check the Deny local logon
> right.

This has the Guest, Mcafee service, some support account, and ASPNet
accounts listed; no others.

My administrator account logs into the box both locally as well as the
domain, straight away -- no problem. This user account though, will not.
Every time it's the same error:

"The local policy of this system does not permit you to logon
interactively."

What am I missing?

James
 
Noctaire

Ok, never mind -- it's now working.

As a last ditch effort, I restarted the box. It just started working. I've
rebooted this thing two other times today; evidently the third time's the
charm.
 
Doug Sherman [MVP]

This is a fairly common experience and frequently is related to XP's fast
logon feature - it can take two or three logons for policies or the full
results of a domain join to take effect - go get 'em, Noctaire!

Doug Sherman
MCSE, MCSA, MCP+I, MVP
 
