Re: Cannot login using new accounts

"Paul Smith" <teknologix007@xxxxxxxxx> wrote in message news:OFzmpCljIHA.5208@xxxxxxxxxxxxxxxxxxxxxxx
Cannot login using new accounts

I am encountering logon problems when using new created profiles....some old profiles work well.

problem: "The local policy of this system does not permit you to logon interactively"


logins created on win 2003 server
logging from an xp client connected to server

Not exactly sure what you are saying here.

If you created local accounts on a 2003 member server or stand-alone server, and you are trying to use RDP to log on to that server, the users must be part of the local 'users' or 'power users' group to have logon privs on that server. Alternately, you could use gpedit.msc to allow 'log on locally' rights to whatever accounts you want. (Computer Configuration\Windows\Security\Local Policies).

If that server is a domain controller, then there are no local users or local 'users' group. Users must be members of 'Domain Admins' or 'Enterprise Admins' to have logon privs on the domain controller. Alternately, you could modify the default domain controllers OU GPO to specify 'log on locally' rights for domain controllers. (Again, see the path above).

If you created domain accounts on a 2003 server, and you are trying to log on to an xp workstation that is joined to that domain, then the user accounts need to be members of the local 'users' group on the workstation. Typically, domain computers include 'Domain Users' in the local 'users' group, and all domain accounts are members of 'Domain Users'.

John R


Relevant Pages

  • Re: Please help refresh my memory on AD DC
    ... Also when I promoted this Server 2008 box it did somthing that was not normal. ... DC would the only logon be a Domain logon or would the option to logon ... to Logon locally I would use the admin account of the Server 2003 machine. ... If you promote a server to Domain controller, there is no renaming of the ...
  • Re: Domain unavailable for some logons
    ... You probably have a dns problem and the computer that you can not logon to ... with the domain account can not find the domain controller. ... > couple logon accounts for most of the 25 PC's. ...
  • Re: Windows 2003 member server with Windows 2000 Domain Controller
    ... If anyone is having a Windows 2003 member server with a Windows 2000 ... Windows cannot obtain the domain controller name for your computer ... There are currently no logon servers available to service the logon ...
  • Re: Domain Password Security
    ... accounts need to use complex passwords and minimum of ntlmv2 should be used for lan ... Services Client and configuring authentication level on Domain Controller Security ... controllers if you have all W2K/XP computers. ... I also recommend you enable auditing of account logon and logon ...
  • Re: Domain Password Security
    ... Domain Controller Security ... >controllers if you have all W2K/XP computers. ... >administrator accounts only when needed to, ... account logon and logon ...