The local policy of this system does not permit you to logon interactively

L

Len

I have Windows XP Professional (tablet edition)running on
my laptop. I use to always logon as the Administrator
with no pw. When I now try to logon I get the error
message "The local policy of this system does not permit
you to logon interactively." I tried logging in via Safe
Mode but I still get this message.

Any ideas on what I can do?
 
D

Doug Knox MS-MVP

Your password isn't the issue, its a registry restriction that prevents your user (or user group) from logging into the machine from the local console. Is the machine on a network? Do you know someone that has a network that you might be able to hook it up to?

If you have access to the affected computer via a LAN connection, from a Windows XP or Windows 2000 machine:

On the other machine, click Start, Run and enter REGEDIT (REGEDT32 on Windows 2000, and note REGEDT32 works differently than Regedit) Once there, go to File, Connect Network Registry. Type in the machine name of the affected computer. You'll see another computer icon listed at the bottom of the tree, with that machine name. Expand it and go to HKEY LOCAL MACHINE\Security. Right click on the Security subkey and select permissions. Give Administrators "Full Control". Press the F5 key to refresh the view in REGEDIT. Now you should be able to see the subkeys under Security. In the Security subkey, go down to Policy\Accounts. Look for the account that matches yours. This is by the SID. The SID is the number that looks similar to this:

HKEY LOCAL MACHINE\SECURITY\Policy\Accounts\S-1-5-21-1606980848-1604221776-725345543-1014

Your account will be one of the longer SID strings. The shorter ones are not user accounts.

There is no way to tell from the contents of the keys, which SID belongs to who. You can download a small VBS script from:

http://www.dougknox.com/xp/scripts/xp_accountsid.vbs

This script will allow you to enter the machine name of the problem machine and extract a list of SID's/User information and display it in Notepad. Do not use the \\name convention, just enter the machine name.

Once you've determined the correct SID for your user account, right click the appropriate subkey and select Export. This creates a backup, just in case. Then right click the same key and select Delete.

Next, right click the computer icon for the remote computer and select Disconnect, to disconnect the remote Registry. You should now be able to log on locally to the affected machine. You may need to reboot the machine for the change to take effect.

If not, then reconnect to the remote computer's registry and re-import the REG file you exported earlier. And if this doesn't work, your only option may be a paralell installation of XP and then recover your data from the problem system.
 
G

Guest

Doug, I tried all that you recommended with no luck. I
cannot get access to my laptop from my desktop/lan.
REGEDIT doesn't recognize my laptop and neither does
xp_accountsid.vbs. When I look at my network neighborhood
my laptop doesn't show up.

Any suggestions?

Thanks for your help.

Len

-----Original Message-----
Your password isn't the issue, its a registry restriction
that prevents your user (or user group) from logging into
the machine from the local console. Is the machine on a
network? Do you know someone that has a network that you
might be able to hook it up to?
If you have access to the affected computer via a LAN
connection, from a Windows XP or Windows 2000 machine:
On the other machine, click Start, Run and enter REGEDIT
(REGEDT32 on Windows 2000, and note REGEDT32 works
differently than Regedit) Once there, go to File,
Connect Network Registry. Type in the machine name of
the affected computer. You'll see another computer icon
listed at the bottom of the tree, with that machine name.
Expand it and go to HKEY LOCAL MACHINE\Security. Right
click on the Security subkey and select permissions. Give
Administrators "Full Control". Press the F5 key to
refresh the view in REGEDIT. Now you should be able to
see the subkeys under Security. In the Security subkey,
go down to Policy\Accounts. Look for the account that
matches yours. This is by the SID. The SID is the number
that looks similar to this:
HKEY LOCAL MACHINE\SECURITY\Policy\Accounts\S-1-5-21- 1606980848-1604221776-725345543-1014

Your account will be one of the longer SID strings. The
shorter ones are not user accounts.
There is no way to tell from the contents of the keys,
which SID belongs to who. You can download a small VBS
script from:
http://www.dougknox.com/xp/scripts/xp_accountsid.vbs

This script will allow you to enter the machine name of
the problem machine and extract a list of SID's/User
information and display it in Notepad. Do not use the
\\name convention, just enter the machine name.
Once you've determined the correct SID for your user
account, right click the appropriate subkey and select
Export. This creates a backup, just in case. Then right
click the same key and select Delete.
Next, right click the computer icon for the remote
computer and select Disconnect, to disconnect the remote
Registry. You should now be able to log on locally to the
affected machine. You may need to reboot the machine for
the change to take effect.
If not, then reconnect to the remote computer's registry
and re-import the REG file you exported earlier. And if
this doesn't work, your only option may be a paralell
installation of XP and then recover your data from the
problem system.
--
Doug Knox, MS-MVP Windows XP/ Windows Smart Display
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

"Len" <[email protected]> wrote in
message news:[email protected]...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top