General discussion

  • Creator
    Topic
  • #2273807

    Logon as admin mode user

    Locked

    by st5660 ·

    Under adminstrator mode, I create another admin mode user using other login name, but when I login using the admin mode user name it shows “The local policy of this system does not permit you to logon interactively”. How do make this user can acess as a admin mode user. And how does this system set that so I cant login as admin mode user, but can login as user name is administrator. Pls advise. Thanks

All Comments

  • Author
    Replies
    • #2700948

      Reply To: Logon as admin mode user

      by cg it ·

      In reply to Logon as admin mode user

      well if your trying to remote admin a computer and the local security policy of the computer doesn’t allow interactive logon, you have to change the policy. Basically, only servers have remote admin mode though with remote assistance/remote desktop in XP, it’s almost the same thing.

      • #2700861

        Reply To: Logon as admin mode user

        by st5660 ·

        In reply to Reply To: Logon as admin mode user

        Login the local PC that not yet join domain. And there are PC that can login without prompt the message, the question is there any way to enable back so that can login to the local PC? Any changes in the registry file or setting. Pls advise.

    • #2700850

      Reply To: Logon as admin mode user

      by magetower ·

      In reply to Logon as admin mode user

      Open the Run window from the Start menu and enter the following:

      gpedit.msc

      This will open the Group Policy console for the local machine.

      Drill down to the Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment folder.

      With the folder selected look in the right-hand pane for the following entry: Log on locally

      Examine the settings for this right. It should contain all the normal local machine user groups (Guests, Administrators, Users, Power Users, Backup Operators).

      If this is not the case make it so. This hould correct the problem.

      If it is set correctly then make sure the user account you created is included in the local machine Administrators group.

      …awaiting your response…

      • #2699905

        Reply To: Logon as admin mode user

        by st5660 ·

        In reply to Reply To: Logon as admin mode user

        Hi Magetower,
        I already check the setting User Rights Assignment folder. Found that admin, backup operators, power user, user and guest already setup. I compare the setting of group policy with other PC all are the same.

        I can login after I add in the user name under computer management –> user. But for another PC that I mention just now I can login without adding into it. Is there any 3rd part software to disable it or alter the group policy setting. Pls advise.

    • #2701834

      Reply To: Logon as admin mode user

      by magetower ·

      In reply to Logon as admin mode user

      I know you mentioned that the systems were not a domain member but did they exist on the domain at one time?

      You may want to try the first 5 steps in the Microsoft Knowledge Base Article – 826903 (go to the Microsoft web site and do a search on the article number in the support knowledge base)

      • #2701681

        Reply To: Logon as admin mode user

        by st5660 ·

        In reply to Reply To: Logon as admin mode user

        So you means that if the PC login under domain once, and it will not allow to logon eventhough the PC join to others domain name.

        So if the PC disconnect from the domain, is there the domain-level policy setting still override local policy setting?

        Is it possible to set the local policy setting to block the peoples logon to the PC locally?

    • #2701098

      Reply To: Logon as admin mode user

      by magetower ·

      In reply to Logon as admin mode user

      Domain policy overrides local policy. If the system was on a domain and was not properly removed from the domain there may still be residule policy settings in effect on the local machine. Even though the machine is no longer part of the original domain the security account manager (SAM) probably still retains information from the old domain. The SAM cannot be modified directly through registry editor and obviously local policy settings are not taking over control. Following the steps using the Recovery Console will basically reset the SAM back to its original configuration (when it was first installed). This should also reset security policies that have been applied to the system.

Viewing 3 reply threads