Need help ASAP.

R

RM

Hi, I just want to ask everybody if someone already
encountered an error "The Local policy of this system does
not permit you to log on interactively" on a domain
environment? I have no idea who configured the server but
it was just given to me by our company. The only
information that I've got is every account can login to
the server physically as long as they are a member of
Administrator, however, the only account that couldn't is
the ADMINISTRATOR itself. Everytime the Administrator
tries to login, the only message that I have is "The Local
policy of this system does not permit you to log on
interactively." Is there anyone out there who can direct
me to the right track on what to do? I already checked the
Local and Domain policy and I didn't see the Administrator
on the Deny Login field. Thanks and have a nica day.


Russell
 
C

Chriss3

RM Built-in Administrator can't be added to the Deny Login field so far I
know. How ever is it in the Allow Logon Locally logon field? If you define
this policy for a user or group, you must also give the Administrators group
this right.

On workstations and servers: Administrators, Backup Operators, Power Users,
Users, and Guest.

On domain controllers: Account Operators, Administrators, Backup Operators,
Print Operators, and Server Operators.

That's the defaults!
 
R

RM

Thanks for the prompt response but I've checked those and
still the ADMINISTRATOR account gets that error message.
Are there any other ideas why it's doing that? Thanks and
Have a nice day.


Russell


-----Original Message-----
RM Built-in Administrator can't be added to the Deny Login field so far I
know. How ever is it in the Allow Logon Locally logon field? If you define
this policy for a user or group, you must also give the Administrators group
this right.

On workstations and servers: Administrators, Backup Operators, Power Users,
Users, and Guest.

On domain controllers: Account Operators,
Click to expand...
Administrators, Backup Operators,
 
C

Chriss3

Russell did you checked this in Default Domain Security Policy and Default
Domain Controller Security Policy? also you may should use the command line
based tool secedit to refresh the policy to ensure your changes are applied.

secedit /refreshpolicy MACHINE_POLICY
secedit /refreshpolicy USER_POLICY

Have a nice day!
 
R

RM

Yesy, I checked both and they are the same. Another
strange thing here is I tried creating an account with all
the groups that an ADMINISTRATOR is a member of and
everything works fine. I really need to have the
Administrator Account to be able to login so I hope that
someone can answer this. And by the way, re-running
DCPROMO is not an option. Thanks again.


RM
 
C

Chriss3

Type gpedit.msc in the Run field and see if Administrator appears Allow
Logon Locally here too. are you trying this in front of the machine physical
and not over RDP?
 
C

Cary Shultz [A.D. MVP]

Howdy! Howdy!

RM, take a look at this MSKB Article:

http://support.microsoft.com/?id=276590

Does this help? Has any group been explicitly given the "deny logon
locally" user right? Is it possible that the Administrator account is a
member of that group?

HTH,

Cary
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Error "the local policy of this system does not permit.. 3
local logon on member servers 1
Domain policy vs local policy 4
No access to local machine 1
Windows 2003 AD (User Denied Access) 1
Trying to create mandatory profiles.... 6
ERROR--- administrator can't log in to w2k active server 2
child domain logging to parent domain 1

Top