Asked By
Amanda.
0 points
N/A
Posted on - 07/18/2011
Our company server is running on Windows 2000. I was trying to logon and getting this error message:
Logon Message
The local policy of this system does not permit you to logon interactively.
I never had this problem in the past using the same username until this error happened. I tried to edit the Domain Controller GPO and create another username and link it to the Domain Controllers OU in Active Directory Users and Computers but this error message keeps showing again when I try to logon. I downloaded the NTRIGHTS.EXE program from the W2K Resource kit and substitute USERS with the name I want to configure but it did not work.
Has anyone had the same issue? Can someone help me?
Answered By
Balram
0 points
N/A
#84293
Unable to logon to domain controller Sybase
This issue occurs if the user account that you use to log on is a member of one or both of the following groups:
-
The Domain Power Users group
-
The Remote Operators group
In Windows Small Business Server 2003, the "Deny log on locally" policy setting is applied to the Remote Operators group in the Default Domain Controllers Group Policy object. This policy setting also applies to the Domain Power Users group because the Domain Power Users group is a member of the Remote Operators group.
Because a Deny permission overrides an Allow permission, this policy setting prevents users from logging on to domain controllers in the domain, even if the "Allow log on locally" policy applies to those same users.
Note: Sometimes, the Administrator account may be a member of the Remote Operators group or the Domain Power Users group because of group nesting. For example, the Administrator account is a member of the Mobile Users group. Therefore, if you add the Mobile Users group as a member of the Remote Operators group, the Administrator account becomes a member of the Remote Operators group because of group nesting.