Interactive logon

C

carrport

I created a test user and when attempting to log on to W2K
DC with test domain account I get the following message :

"local policy of this system does not permit you to log on
interactively"
 
P

Paul Adare

microsoft.public.win2000.security news group, carrport
I created a test user and when attempting to log on to W2K
DC with test domain account I get the following message :

"local policy of this system does not permit you to log on
interactively"
Click to expand...

By design. Normal users (non-admins) should not be logging on to a
domain controller at the console.

You can change this in the Default Domain Controllers Policy by
modifying the Logon Locally user right, but from a security perspective,
not a good idea.
 
I

IBTerry [MSFT]

The user is not a domain admin? Correct?
If so you need to add the new user into group policy for the "allow logon
locally" user right.

IBTerry [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
 
M

MSFT

--------------------
Content-Class: urn:content-classes:message
From: "carrport" <[email protected]>
Sender: "carrport" <[email protected]>
Subject: Interactive logon
Date: Wed, 19 Nov 2003 12:22:03 -0800
Lines: 7
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcOu2ss+A2YoOqyPRNmppvzQbnHw0w==
Newsgroups: microsoft.public.win2000.security
Path: cpmsftngxa07.phx.gbl
Xref: cpmsftngxa07.phx.gbl microsoft.public.win2000.security:15903
NNTP-Posting-Host: tk2msftngxa12.phx.gbl 10.40.1.164
X-Tomcat-NG: microsoft.public.win2000.security

I created a test user and when attempting to log on to W2K
DC with test domain account I get the following message :

"local policy of this system does not permit you to log on
interactively"
Click to expand...

Howdy!

By default, normal users are not allowed to log on to the console of a
Domain Controller. You can check who currently has this right by looking
at the Domain Controllers Group Policy. Check the "Log on Locally" right.

You should control access to the console of your Domain Controllers, so it
is strongly recomended that you do NOT allow regular domain users to log on
locally.

/Siddharth
PSS Security
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Logon Message 2
auditing logons - someone please clear this #@#$! up. 3
Cant logon to local machine (this computer) as administrator 4
Windows log on problem 1
Can not logon locally 1
Question about Log on Locally Policy. 4
FOR A SKILLED IT EXPERT - WIN2K SERVER - DOMAIN CONTROLLER 12
Interactive users group - Could it be a BUG ? 1

Top