General discussion


Local Policy Does Not allow logon

By jbarrett ·
OK I'm retarted Look I know you don't have to grant local admin rights for users to logon. I gone to the Local Security Policy --> User
Rights Assignment --> Log on Locally Policy addes my user. But still when she logs on "Local Policy does not allow you to log on Locally". I checked it out and Its not checked in Effective Settings
but its greyed out. I'm logon as the the Domain Admin so I should access to everything. WHAT THE **** am I doing wrong?????grrr

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by CG IT In reply to Local Policy Does Not all ...

well, for the user you want to add, is their account a local machine account or a domain account. Domain users don't automatically have local machine user accounts.

Collapse -

by sgt_shultz In reply to Local Policy Does Not all ...

maybe it is a bug. we need the exact error message and anything in the event logs (Security)
did you see this:
"The local policy of this system does not permit you to logon interactively" error message when you log on to your Windows 2000-based computer";en-us;826903

Collapse -

by jbarrett In reply to Local Policy Does Not all ...

The user account is a domain account. the Exact Error message is "The local policy of this system does not permit you to logon interactively". How I ended getting the user logon was I made her a power user then went to the DC check to see if there was anything there, no luck. I looked over the link, but I can log as a admin both local and domain, but the user can't.???? I would like to figure out a way to make the user a "Restricted User" and be able to logon. Anyone got any suggestions?

Collapse -

by jbarrett In reply to Local Policy Does Not all ...

Point value changed by question poster.

Collapse -

you do say you checked the log on locally policy, but did you also check the "deny logon locally" policy to be sure that any groups the user are a part of are not there? it's a security policy issue one way or the other.

Collapse -

by sga In reply to Local Policy Does Not all ...

I have recently had a similar problem. In my case, if I configure the domain user as a local administrator I can logon, if not I get the same error message. I have check all policies but all appear to be okay. One thing, I recently implemented WSUS and I believe this is when the trouble started. (Yes I have checked my Domain's Group Policy). Any suggestions?

Collapse -

by sga In reply to

It seems I fixed my own problem.
When I implemented WSUS, it uses the GPO to configure update servers, etc. The GPO overwrites (or has precedence over) the local policy. I simply created a security group that contains all domain uses (this may vary depending on your needs) and explicitly assigned local logon rights to this group. "gpupdate /force" will update policies immediately to void any waits. Hope this helps...

Collapse -

by jbarrett In reply to

I checked the deny policys and my user wasn't in it, no one was. I checked for everything I could think of, but I don't think WSUS has anything to do with it though. How I finally got around it was I put my user in the Power Users group. The main goal was to make so she couldn't install anything. She can still access the network. It just blows my mind that MS has a Restricted Users group I can't get to work. If any one figures it out please let me know, Now I just want to know how.
J Barrett

Collapse -


by laithan In reply to Local Policy Does Not all ...

I feel your pain. You didn't specify but I'm assuming you are using Windows XP. When XP came out I initially had this same problem until I realized there was a new user group called REMOTE DESKTOP USERS.

Just add the user account into that group and you should be all set. The policy change might need a reboot to take affect, not sure.

Related Discussions

Related Forums