Re: Domain Users receive "The Local Policy Of This System"

Hello Chef3Fingers,

Thank you for your shared experience.

I am sorry for the delay in responding due to weekend, thanks for the
understanding.

Please note the partner managed newsgroups are staffed weekdays by
Microsoft Support professionals. Our goal is to provide a one business day
response to all posts.

For time critical issues (not business down), we encourage you to contact
CSS directly for more immediate assistance:
International Support (non-US/Canada):
http://support.microsoft.com/common/international.aspx

US and Canada:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone

Yes, you are right. By default, on SBS Sever, the 'SBS Remote Operators'
group is added into the Deny Logon Locally security setting. The 'Domain
Power User' is a sub-group of 'SBS Remote Operators' so they do not have
Log On Locally permission.

If the user account belongs to these user groups or created by the Power
Users user template, logon locally permission will be denied. So please
make sure that the user account is not a member of the Domain Power users
group or SBS Remote Operators group. To do so:

a. In Server Management\Users, right click the user account, select
properties.
b. Go to Member of tab.

"The local policy of this system does not permit you to logon
interactively" error message when you try to log on to a computer that is
running Windows Small Business Server 2003 by using an Administrator account
http://support.microsoft.com/?id=841188

I appreciate your time and cooperation.

Have a nice day!

Best regards,

Nathan Liu (MSFT)
Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.




--------------------
>Thread-Topic: Domain Users receive "The Local Policy Of This System"
>thread-index: AcYYmtAYerPQhRuCRC+UdkbfA5nZHw==
>X-WBNR-Posting-Host: 66.126.217.136
>From: "=?Utf-8?B?Q2hlZiAzIEZpbmdlcnM=?="
<Chef3Fingers@xxxxxxxxxxxxxxxxxxxxxxxxx>
>References: <A8F3F73B-18D5-44E8-AB30-8697DC760A39@xxxxxxxxxxxxx>
<1136526239.092554.179130@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
>Subject: Re: Domain Users receive "The Local Policy Of This System"
>Date: Fri, 13 Jan 2006 15:41:02 -0800
>Lines: 61
>Message-ID: <6B4B2A4F-682E-4234-A5CE-D2A865E72442@xxxxxxxxxxxxx>
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="Utf-8"
>Content-Transfer-Encoding: 8bit
>X-Newsreader: Microsoft CDO for Windows 2000
>Content-Class: urn:content-classes:message
>Importance: normal
>Priority: normal
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>Newsgroups: microsoft.public.windows.server.sbs
>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
>Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
>Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:236539
>X-Tomcat-NG: microsoft.public.windows.server.sbs
>
>Hi, I was having a similar problem with not being able to logon locally.
>I was trying to logon to the console of an SBS2003SP1 Premium server.
>
>I would get a message with my admin account:
>"To log onto a remote computer you must be granted the "allow logon
through
>terminal Services right. By default..." My backup accounts and the domain
>local admin account were working fine.
>
>I logged on with by backup account and renamed the profile so the account
>that was not working.
>I tried logging on again.
>This time I received the message "Local Policy Does Not Permit You to Log
On
>Interactively" ... I read some more in this news group. I then tired the
RSOP
>to see if there were problems... there were none.
>I then decided to check group membership.
>
>I found that there were quite a few memberships that the failing account
was
>in that the succeeding account was not.
>
>In the failing account I removed membership from the
>Builtin\Administrators account
>yourdomainname\\Domain Power Users
>I then tried to login with the account that had been failing. - SUCESS
>I wanted to post right away because I saw many having this issue.
>I added back the Builtin\Administrators â?? I was still able to log on
with no
>issue.
>
>I did not try adding membership back to the â??yourdomainname\\Domain
Power
>Usersâ?? group. I will leave that up to you to test â?? hope this helps.
>
>
>"Santy" wrote:
>
>> Hello,
>>
>> My SBS2003 will not allow any user even Administrator to logon - even
>> directly through the server. It would say "the Local policy of this
>> system does not allow you to logon interactively".
>>
>> All my users are locked out on their client computers and As an
>> Administrator I am not able to login to the Server.
>>
>> PLEASE HELP - other than reinstall, how do I change the permisisons ?
>> I guess some group memebrship was changed for the Administrator few
>> days back, and today the server restarted after some security Patches.
>>
>> HELP - Serious. Thanx.
>>
>>
>> - Santy
>>
>>
>> AMack wrote:
>> > Hello,
>> >
>> > When a domain users logon to a computer on the domain. With out
being
>> > added the to the Local Administrator group of the computer the receive
"The
>> > local policy of this system does not permit you to logon Interactively"
>> > PLEASE HELP me I don't want to touch every PC.
>>
>>
>

.

Relevant Pages

  • Re: Logoff / Slow Bootups / Outlook attachements / Outlook Not res
    ... are going to be using two of the problematic machines. ... When you logon the problematic user account on the good user's computer, ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • Re: Exchange Password
    ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ... |> course of logging on to the Exchange server. ... if the local account uses the same ...
    (microsoft.public.windows.server.sbs)
  • Re: sbs roaming profile not loading on local client
    ... Log on the server as an administrator. ... Repeat step 3 to step 5 to change the owner to the newly created account. ... supported in the private newsgroup and you may post to the public newsgroup ... Microsoft Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • RE: ISA Server Management console fails to load
    ... account but renamed it for security reasons. ... suggested and was able to rename the Administrator folder. ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • Re: Problem with multiple access to one exchange email account
    ... please configure a testing account and test if ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ... By multiple access I mean the same ...
    (microsoft.public.windows.server.sbs)