GPOs are set so nobody that is not a LOCAL admin in the computer can log in. If you're trying to log in as a domain admin, you shouldn't have any trouble. Now, any other user without admin privileges at the domain level will have to be a local admin to log in into a PC.
-----Original Message----- From: Christopher Hummert [mailto:[EMAIL PROTECTED]] Sent: Wednesday, May 01, 2002 2:44 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Log on Interactivly I might have to do that.....argh....I don't want to though -Chris -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bryan Schlegel Sent: Tuesday, April 30, 2002 9:49 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Log on Interactivly Can anyone reference the Defaults for Logon Locally under the Domain Security Policy? I think this would help Chris's problem out here. I tired this once on my DC http://www.jsifaq.com/subg/tip3300/rh3329.htm and for some reason I lost the ability to get into the local machine on my domain controllers. So I am skeptical to dish out advise on messing with Group Policies, after I failed to restore mine properly. I might have to pick up one of those books mentioned about GPO's in that other thread :( -----Original Message----- From: Christopher Hummert [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 30, 2002 9:51 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Log on Interactivly When I log into his computer and chose to log onto the domain as the admin I get the same error message. When I try to log onto the local computer I can just fine. Is there an import feature for the Local Users and Groups, so I can import his account from the domain? I'm at home right now so I don't have physical access to his computer, but I do have access to the server via Terminal Services -Chris -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bryan Schlegel Sent: Tuesday, April 30, 2002 6:41 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Log on Interactivly Chris, Go to the computer, Login as admin or yourself if you have domain admin rights. Right click on my computer > manage > Local Users and Groups > Go to groups make sure his NT account is added to at least to the local users group, if not click add, find the account you are trying to logon to. Logoff the machine, he should be able to login now. -b -----Original Message----- From: Christopher Hummert [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 30, 2002 9:35 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Log on Interactivly I haven't looked at the local security policy. How do I check that? -Chris -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Rick Kingslan Sent: Tuesday, April 30, 2002 6:15 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Log on Interactivly Chris, Have you looked at the machine's Local Security Policy? I can't determine why you're getting this error, but unless the Interactive Logon Permissions have been modified, these are typically set at the machine as the effective settings. The Domain policy would probably be undefined, as the Local would take precedence in this case. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 "Any sufficiently advanced technology is indistinguishable from magic." --- Arthur C. Clarke > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of Christopher > Hummert > Sent: Tuesday, April 30, 2002 7:00 PM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] Log on Interactivly > > > I'm having problems with one of my users machines. When he tries to > logon to the domain he gets the following message: > > "The local policy of this system does not permit you to log on > interactively" > > Now I went to the MS KB and found article Q276590. I used the ntrights > program as they said: > > ntrights -m \\dagobah -u rick -r SetDenyInteractiveLogonRight > > But I get the following: > > Revoking SetDenyInteractiveLogonRight from rick on \\dagobah... failed AddUserRightToAccount: ***Error*** AddUserRightToAccount -1073741728 Anyone know what's going on and what I need to do to fix it? This has got my brain cramped. I checked the Domain Security policy and both deny and logon interactively have been changed to not defined. Someone here at the office changed that which is what I think caused the problem in the first place. -Chris List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/