Interactivity Logon not permitted


G. Vaught

I don't know what I exactly did, but somehow I am prevented from not only
logging on as an Admin, but under my own user name. The message I get is:
"The local policy of the system does not permit you to logon interactively.
I did a search on the Knowledge Base and did have info returned, but I
accidently closed the results and now when I search again, I don't get the
same results.

I did see a similar post so I downloaded the Windows Server 2003 Resource
Kit and tried a few things under ntrights, but I don't believe it will work
from my laptop.

Here is some background.

Windows 2000 Pro NTFS Networked as a workgroup.

Replaced current hd due to failure of other.

Was in the process of trying to get back my ability to network from my
laptop (Windows XP NTFS) back to my desktop.

Was able to get reverse connection Desktop to Laptop, but can't from Laptop
to Desktop through windows.

Prior to goof, could log on as Admin w/password; could not logon with own
username / password SO

Open windows security to verify I had logon locally privileges. Made a few
changes, some I remember:
Renamed Administrator Account
Disabled Guest Account
Audit the access of global system objects to - Enabled
Do not display last user name - Enabled
Changed number of Logon cached from 10 to 5
I do not think I denied anyone to log on locally, but may have added Guest.
I do not think I change anything with requiring Domain Controller
authentication to unlock workstation as I don't have a domain controller,
just a workgroup
I may have changed: Do not allow anonymous enumerations of SAM accounts
and/or Shares. May have changed both to enabled.

Any help in correcting this problem would greatly be appreciated.

If worse comes to worse I guess I can reinstall Windows 2000 Pro. I did make
a ERD yesterday, so I could apply this after the install and because of my
other hd failure I do have data backups.

Steven L Umbach

Somehow you botched up the logon locally or deny logon locally user rights
or are trying to logon as an account that does not have logon locally user
rights. If you still have network access you should be able to use Computer
Management from your XP computer to view the security logs on the Windows
2000 computer to see what is recorded in the security logs [if auditing is
enabled for logon events] and you should also be able to view Local Users
and Groups to see what users are in the administrators group to try and
logon as. There is a free tool called dumpsec from SomarSoft that may allow
you to view the user rights of the Windows 2000 computer when installed on
the XP Pro computer and using the option for select computer. Another thing
you could try assuming you have network connectivity for file and printer
sharing between the two computers is to use psexec from SysInternals to
remotely access the command prompt on your Windows 2000 computer and run
commands such as secedit to try and reset user rights and security options
to default levels as shown in the first link below. Note that you have the
option to use the /areas switch if you do not want to reset everything
though at minimum I would start with user_rights and then try securitypolicy
if that does not help. --- Steve;EN-US;313222 --- using
secedit to reset security settings to default defined levels --- psexec


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question