Re: Does not permit login interactively
From: Ryan (ryanrhyme_at_excite.com)
Date: 08/04/04
Date: Wed, 4 Aug 2004 14:15:06 +0800
I have actually solved the problem by resetting the machine password and doing
a system state restore. Yes, I cannot log on to the DC with the Domain
Administrator password. I do not know how it happened; that's why I want to
find out the cause of the problem. The strange thing is that I didn't do
anything on GPO.
"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
news:HvZPc.85680$eM2.74490@attbi_s51...
> I don't know exactly what happened but what you describe is due to either not having
> the right to logon locally or being a member of a group listed in the deny logon
> locally user right. I believe you are saying this is happening on a domain
> controller. You want the Domain Controller Security Policy to have at least
> administrators listed in the logon locally user right and have the deny logon locally
> user right defined but not including any user/groups. If the users/authenticated
> users group is included in deny logon locally, that will prevent administrators from
> logging on locally.
>
> If you can logon to a domain member computer as a domain administrator, install
> adminpak on that computer from the install cdrom for Windows 2000 Server in the /I386
> folder and use that Windows 2000 domain workstation to manage Domain Controller
> Security Policy to configure logon locally user right to have the administrators
> group and the deny logon locally user right to be defined but empty. Go to security
> settings/local policies/user rights to find those user rights. Keep in mind that if
> your domain is in native mode that users must have access to a catalog server to
> logon to the domain though administrators, at least the built in domain administrator
> account, should still be able to logon if one can not be contacted. --- Steve
>
>
> "Ryan" <ryanrhyme@excite.com> wrote in message
> news:edC4sIdeEHA.2848@TK2MSFTNGP10.phx.gbl...
> > Hi everyone,
> >
> > Quick question:
> > (1) May I know what could be the reason leading to the prompting of the "Local Policy
> > of this system does not permit you to login interactively" message?
> >
> > (2) Based on what I did, is there anything I did that can cause the error?
> > I didn't do any changes on the GPO; actually I'm having a problem
> > bringing up the GPO from the properties menu of "Active Directory Users and
> > Computers" (right-click domain, click properties). I was troubleshooting
> > the DNS and did some changes on DNS. I have "disabled" one of our 3 DCs as
> > the GC (not on the server I'm working on, it's another DC in the same
> > domain); I also took off the preferred IP transport as preferred bridgehead
> > to the other 2 DCs. After all these changes were made, I rebooted the server into
> > DS Recovery Mode (to restore the last best known good system state). We were
> > unable to log on to the local machine, so we had no choice but to boot it back
> > to normal mode again. After that reboot, we can no longer log on to the
> > server.
> >
> > Thank you so much. Your prompt replies are very much appreciated.
> >
> > Ryan
> >
> >
>
>
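
The check Steve describes (Administrators present in the "log on locally" right, nothing broad in "deny log on locally"), as an added example that is not part of the original thread. It assumes the user rights were exported to a security template with `secedit /export /cfg rights.inf /areas USER_RIGHTS`; the function names and the sample template are constructed for illustration.

```python
"""Audit 'log on locally' rights in a security template exported with
`secedit /export /cfg rights.inf /areas USER_RIGHTS` (read the file as UTF-16)."""

ADMINISTRATORS = "S-1-5-32-544"
# Groups that contain administrators; any of them in the deny right locks admins out.
BROAD = {"S-1-1-0": "Everyone", "S-1-5-11": "Authenticated Users",
         "S-1-5-32-545": "Users", ADMINISTRATORS: "Administrators"}

def parse_privilege_rights(inf_text):
    """Return {right: [entries]} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line and not line.startswith(";"):
            name, _, value = line.partition("=")
            # SIDs are written as *S-1-...; account names appear without the asterisk.
            rights[name.strip()] = [e.strip().lstrip("*") for e in value.split(",") if e.strip()]
    return rights

def audit_interactive_logon(inf_text):
    """List problems with the allow/deny 'log on locally' rights."""
    rights, findings = parse_privilege_rights(inf_text), []
    allow = rights.get("SeInteractiveLogonRight")
    if allow is None:
        findings.append("allow right not defined in this template")
    elif not any(e == ADMINISTRATORS or e.lower() == "administrators" for e in allow):
        findings.append("Administrators missing from allow right")
    deny = rights.get("SeDenyInteractiveLogonRight")
    if deny is None:
        findings.append("deny right not defined in this template")
    names = {v.lower(): v for v in BROAD.values()}
    for e in deny or []:
        label = BROAD.get(e) or names.get(e.lower())
        if label:
            findings.append("deny right includes " + label)
    return findings

# Constructed sample templates, not taken from the thread.
SAMPLE_BAD = """[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-549,*S-1-5-32-551
SeDenyInteractiveLogonRight = *S-1-5-11
"""
SAMPLE_GOOD = SAMPLE_BAD.replace("*S-1-5-32-549", "*S-1-5-32-544").replace("= *S-1-5-11", "=")

if __name__ == "__main__":
    for name, text in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(name, audit_interactive_logon(text))
```

An empty findings list corresponds to the state recommended in the reply: the deny right defined but empty, and Administrators in the allow right.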