Re: Does not permit login interactively
From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 08/04/04
- Next message: Ryan: "Re: Does not permit login interactively"
- Previous message: Ryan: "Does not permit login interactively"
- In reply to: Ryan: "Does not permit login interactively"
- Next in thread: Ryan: "Re: Does not permit login interactively"
- Reply: Ryan: "Re: Does not permit login interactively"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 04 Aug 2004 04:21:59 GMT
I don't know exactly what happened, but what you describe is due to either not having
the right to log on locally or being a member of a group listed in the deny logon
locally user right. I believe you are saying this is happening on a domain
controller. You want the Domain Controller Security Policy to have at least
administrators listed in the logon locally user right and have the deny logon locally
user right defined but not including any users/groups. If the users/authenticated
users group is included in deny logon locally, that will prevent administrators from
logging on locally.

If you can log on to a domain member computer as a domain administrator, install
adminpak on that computer from the install CD-ROM for Windows 2000 Server in the /I386
folder and use that Windows 2000 domain workstation to manage Domain Controller
Security Policy to configure the logon locally user right to have the administrators
group and the deny logon locally user right to be defined but empty. Go to security
settings/local policies/user rights to find those user rights. Keep in mind that if
your domain is in native mode, users must have access to a catalog server to
log on to the domain, though administrators, at least the built-in domain administrator
account, should still be able to log on if one cannot be contacted.

--- Steve

"Ryan" <ryanrhyme@excite.com> wrote in message
news:edC4sIdeEHA.2848@TK2MSFTNGP10.phx.gbl...
> Hi everyone,
>
> Quick question:
> (1) May I know what could be the reason lead to prompting of "Local Policy
> of this system does not permit you to login interactively" message.
>
> (2) Based on what I did, is there anything I did that can cause the error:
> I didn't do any changes on the GPO, actually I'm having problem
> bringing up the GPO from the properties menu of "Active Directory Users and
> Computers", (right-click domain, click properties). I was troubleshooting
> the DNS and did some changes on DNS, I have "disabled" one of our 3 DC as
> the GC (not on the server I'm working on, it's another DC in the same
> domain); I also take off the preferred IP transport as preferred bridgehead
> to the other 2 DC. After all these changes made, I reboot the server into
> DS Recovery Mode (to restore the last best known good system state). We are
> unable to log on to the local machine, we have no choice but to boot it back
> to normal mode again, after that reboot, we no longer can logon to the
> server.
>
> Thank you so much. Your prompt replies are very much appreciated.
>
> Ryan
>
>
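
The user-rights state recommended in the reply above can be checked offline against an exported security template. This is an added example, not part of the original post; it assumes the policy is available as text in the security template `.inf` format, where "log on locally" is stored as `SeInteractiveLogonRight` and "deny logon locally" as `SeDenyInteractiveLogonRight` under `[Privilege Rights]`. The sample template and the function names are constructed for illustration.

```python
# Well-known SIDs (identical on every Windows system). All of these groups
# contain administrators, so denying any of them denies administrators too.
ADMINISTRATORS = "S-1-5-32-544"
BROAD_GROUPS = {"S-1-1-0": "Everyone", "S-1-5-11": "Authenticated Users",
                "S-1-5-32-544": "Administrators", "S-1-5-32-545": "Users"}

# Constructed sample in the lockout state the reply describes. Real exports
# are usually UTF-16, so read them with open(path, encoding="utf-16").
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-548,*S-1-5-32-549
SeDenyInteractiveLogonRight = *S-1-5-32-546,*S-1-5-11
[Version]
signature="$CHICAGO$"
"""

def parse_privilege_rights(text):
    """Return {right: [principals]}; a right absent from the dict is 'not defined'."""
    rights, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, value = line.partition("=")
            # SIDs carry a leading '*'; unresolved accounts appear as plain names.
            rights[name.strip()] = [p.strip().lstrip("*")
                                    for p in value.split(",") if p.strip()]
    return rights

def audit_interactive_logon(text):
    """List deviations from: Administrators may log on locally, deny list defined but empty."""
    rights = parse_privilege_rights(text)
    allow = rights.get("SeInteractiveLogonRight")
    deny = rights.get("SeDenyInteractiveLogonRight")
    findings = []
    if allow is None:
        findings.append("log on locally: not defined")
    elif ADMINISTRATORS not in allow:
        findings.append("log on locally: Administrators missing")
    if deny is None:
        findings.append("deny logon locally: not defined")
    for principal in deny or []:
        if principal in BROAD_GROUPS:
            findings.append(f"deny logon locally: {BROAD_GROUPS[principal]} blocks administrators")
        else:
            findings.append(f"deny logon locally: not empty ({principal})")
    return findings
```

An empty list from `audit_interactive_logon` means the template matches the configuration the reply recommends.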