Cannot logon with domain user account



Add domain account to local machine "Users" group and
attempt to log in. Get error message "The Local Policy
of this system does not permit you to log on".

Adding account to local "Administrators" group will not
produce problem.

Go to "Local Security Settings-Local Policy-User Rights
Assignment" and all options (specifically Log on Locally
properties) are greyed out. These settings get turned
off once computer is added to a domain and removing from
a domain will not return these setting options!

Bug with XP - unable to work around.
Any suggestions greatly appreciated!!

David Jones

It's not a bug.
On your domain controller, you need to change the Domain
Security Policy (in administrative tools) to allow Domain
Users to log on locally.
Right now, the DC is telling all machines in the domain
what policy they should set. You need to change what the
DC is telling the machines, hence the above.

Roger Abell

As indicated, an AD enforced GPO is controlling
the group policies of the local machine. This GPO
may or may not be set at the domain level.
After the machine is removed from domain, and then
rebooted a couple times, is the old domination of the
local policy not cleared?
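
To see what the replies describe on the workstation itself, the sketch below (an added example, not part of the original thread) exports the effective user rights, lists who holds the "Log on locally" right and its deny counterpart, and shows which GPOs were applied to the computer. It assumes an elevated PowerShell prompt, which Windows XP does not ship with by default; the helper names `Resolve-Entry` and `Get-LogonRight` are made up for this illustration.

```powershell
# Added example; run from an elevated PowerShell prompt on the affected workstation.
# Internal privilege names behind "Log on locally" and "Deny logon locally".
$rights = 'SeInteractiveLogonRight', 'SeDenyInteractiveLogonRight'

function Resolve-Entry([string]$entry) {
    # secedit writes SIDs as *S-1-...; plain account names are written as-is.
    $entry = $entry.Trim()
    if (-not $entry.StartsWith('*S-')) { return $entry }
    $sid = New-Object System.Security.Principal.SecurityIdentifier ($entry.TrimStart('*'))
    try   { $sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { "$entry (unresolved)" }   # e.g. domain unreachable or account deleted
}

function Get-LogonRight([string[]]$InfLines) {
    # Each relevant line looks like: SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545
    foreach ($line in $InfLines) {
        $name, $value = $line -split '\s*=\s*', 2
        if ($rights -contains $name) {
            [pscustomobject]@{
                Right   = $name
                Holders = @($value -split ',' | Where-Object { $_ } |
                            ForEach-Object { Resolve-Entry $_ })
            }
        }
    }
}

# Export only the user-rights area of the effective security settings.
$inf = Join-Path $env:TEMP 'user_rights.inf'
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
Get-LogonRight (Get-Content $inf) | Format-List
Remove-Item $inf

# GPOs applied to the computer; one of these is what greys out the local setting.
gpresult /r /scope computer
```

If the local "Users" group or Domain Users is missing from the `SeInteractiveLogonRight` holders, or the account falls under a `SeDenyInteractiveLogonRight` entry, the fix belongs in the GPO on the domain side, as the first reply says.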
