Does not permit login interactively

  • Thread starter: Ryan

Ryan

Hi everyone,

Quick question:
(1) May I know what could be the reason that leads to the prompting of the "Local Policy
of this system does not permit you to login interactively" message?

(2) Based on what I did, is there anything I did that could cause the error?
I didn't make any changes to the GPO; actually, I'm having a problem
bringing up the GPO from the properties menu of "Active Directory Users and
Computers" (right-click domain, click properties). I was troubleshooting
the DNS and made some changes to DNS. I have "disabled" one of our 3 DCs as
the GC (not on the server I'm working on, it's another DC in the same
domain); I also took off the preferred IP transport as preferred bridgehead
to the other 2 DCs. After all these changes were made, I rebooted the server into
DS Recovery Mode (to restore the last best known good system state). We were
unable to log on to the local machine, so we had no choice but to boot it back
to normal mode again. After that reboot, we can no longer log on to the
server.

Thank you so much. Your prompt replies are very much appreciated.

Ryan
 
I don't know exactly what happened but what you describe is due to either not having
the right to logon locally or being a member of a group listed in the deny logon
locally user right. I believe you are saying this is happening on a domain
controller. You want the Domain Controller Security Policy to have at least
administrators listed in the logon locally user right and have the deny logon locally
user right defined but not including any user/groups. If the users/authenticated
users group is included in deny logon locally, that will prevent administrators from
logging on locally.

If you can logon to a domain member computer as a domain administrator, install
adminpak on that computer from the install cdrom for Windows 2000 Server in the /I386
folder and use that Windows 2000 domain workstation to manage Domain Controller
Security Policy to configure logon locally user right to have the administrators
group and the deny logon locally user right to be defined but empty. Go to security
settings/local policies/user rights to find those user rights. Keep in mind that if
your domain is in native mode that users must have access to a catalog server to
logon to the domain though administrators, at least the built in domain administrator
account, should still be able to logon if one can not be contacted. --- Steve
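
The check described in the reply above, written out as an added example (not code from the thread or from Microsoft). It assumes the policy has been exported as security template text, for example with `secedit /export` or by reading the GPO's `GptTmpl.inf`, and already decoded to a string; the function names and the sample input are made up for illustration.

```python
# Added example: audit the [Privilege Rights] section of a security template.
WELL_KNOWN = {  # well-known SIDs whose membership includes administrators
    "S-1-1-0": "Everyone",
    "S-1-5-11": "Authenticated Users",
    "S-1-5-32-544": "Administrators",
    "S-1-5-32-545": "Users",
}
NAME_TO_SID = {name.lower(): sid for sid, name in WELL_KNOWN.items()}

def parse_privilege_rights(inf_text):
    """Return {right: [principal, ...]}; SIDs lose their leading '*'."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, value = line.partition("=")
            # "Right =" with nothing after it means defined but empty.
            members = [v.strip().lstrip("*") for v in value.split(",") if v.strip()]
            # Map bare group names to SIDs so both spellings compare equal.
            rights[name.strip()] = [NAME_TO_SID.get(m.lower(), m) for m in members]
    return rights

def audit_logon_rights(inf_text):
    """List findings against the advice above; an empty list means it is met."""
    rights = parse_privilege_rights(inf_text)
    allow = rights.get("SeInteractiveLogonRight")
    deny = rights.get("SeDenyInteractiveLogonRight")
    findings = []
    if allow is None:
        findings.append("logon locally: not defined")
    elif "S-1-5-32-544" not in allow:
        findings.append("logon locally: Administrators missing")
    if deny is None:
        findings.append("deny logon locally: not defined")
    findings += ["deny logon locally: includes " + WELL_KNOWN[s]
                 for s in (deny or []) if s in WELL_KNOWN]
    return findings

# Constructed sample input, not taken from any real system.
SAMPLE_BROKEN = """[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-548,*S-1-5-32-549
SeDenyInteractiveLogonRight = *S-1-5-11
"""
```

`audit_logon_rights(SAMPLE_BROKEN)` reports both conditions from the reply: Administrators absent from logon locally, and Authenticated Users present in deny logon locally.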
 
I have actually solved the problem by resetting the machine password and doing
a system state restore. Yes, I cannot log on to the DC with the Domain
Administrator password. I do not know how it happened, that's why I want to
find out the cause of the problem. The strange thing is that I didn't do
anything on the GPO.
 
