A user tries to log on to a Windows machine and receives the
error message “The local policy of this system does not permit you to
log on interactively.” This can happen in a number of scenarios, and the way to resolve the issue depends on the cause of the problem.
If the Local Security Policy is set to disallow local logons
to Everyone, then the error message will pop up for any user who tries
to log on, including an administrator. This can be fixed in a couple of ways:
can use the resource kit tool, Ntrights.exe,
to change the local logon rights. For example, you could run this command:
ntrights -m \\ProblemComputer -u
Administrator +r SeInteractiveLogonRight.
can open a command prompt from another computer on the same network, issue
the command Net use x: \\ProblemComputer\C$
<Password> /u:Administrator, and then change to the directory %SystemRoot%\Security\Database.
Rename Secedit.sdb to Secedit.old_sdb and copy a working version of a
Secedit.sdb file from another computer running the same operating system
(for example, Windows 2000 Professional).
In Active Directory, if a Group Policy is set
to Deny Logon Locally, users will encounter this error. In order to
mitigate the problem, an administrator will need to change the policy, as
explained in this tip.
If this error message pops up while a user is trying to
connect via Remote Desktop or a Terminal Services connection, the administrator
will need to take a different set of actions. For a Remote Desktop connection, Microsoft Knowledge Base
Article 289289 explains how to overcome this error.
For Terminal Services clients,
this error message could be caused by Terminal Services being installed on a
domain controller; this
tip explains what needs to be done in that case. For Windows NT Server 4.0 Terminal
Server Edition, there could be a different problem, and Microsoft Knowledge Base
Article 186529 shows what can be done to resolve the issue.