Archived from groups: microsoft.public.win2000.group_policy (More info?)
Recently, various users on my network have been receiving the following
error message when attempting to login: "The local policy of this system
does not permit you to logon interactively". It will then not allow a login
to the machine under any user ID, even when trying to log in as
Administrator to the local computer domain. The only solution thus far is
to restart and try again, sometimes up to 10 times or more. Ultimately,
after restarting multiple times, it will allow the user to log in. This is
only happening on Windows 2000 workstations and Win2K servers that are not
PDCs or BDCs. It does not have any effect on my NT 4.0 Terminal Server,
Windows 98, or Windows XP Professional
I have checked all security policies that I can find and there are no users
or groups defined in the "Deny logon locally" security policy in any of them
(Domain Security Policy, Domain Controller Security Policy, Local Security
Policy, etc.). I have tried putting the users and/or groups into the "Log
on locally" security policy to no avail. I have also tried creating another
Organizational Unit in Active Directory to put these machines in and then
created a new group policy for it to allow "Log on locally". That doesn't
work, either.
The only things different on the network that I am aware of is that I
installed a new firewall device a few weeks ago and I've taken our old
antivirus server offline and installed a new one. I don't think I've
installed any new Windows updates on the servers since this problem starting
happening about 2 weeks ago (the antivirus software was moved to the new
server about 4 weeks ago and the firewall has been up and running for about
2 months now).
Any help would be greatly appreciated.
Recently, various users on my network have been receiving the following
error message when attempting to login: "The local policy of this system
does not permit you to logon interactively". It will then not allow a login
to the machine under any user ID, even when trying to log in as
Administrator to the local computer domain. The only solution thus far is
to restart and try again, sometimes up to 10 times or more. Ultimately,
after restarting multiple times, it will allow the user to log in. This is
only happening on Windows 2000 workstations and Win2K servers that are not
PDCs or BDCs. It does not have any effect on my NT 4.0 Terminal Server,
Windows 98, or Windows XP Professional
I have checked all security policies that I can find and there are no users
or groups defined in the "Deny logon locally" security policy in any of them
(Domain Security Policy, Domain Controller Security Policy, Local Security
Policy, etc.). I have tried putting the users and/or groups into the "Log
on locally" security policy to no avail. I have also tried creating another
Organizational Unit in Active Directory to put these machines in and then
created a new group policy for it to allow "Log on locally". That doesn't
work, either.
The only things different on the network that I am aware of is that I
installed a new firewall device a few weeks ago and I've taken our old
antivirus server offline and installed a new one. I don't think I've
installed any new Windows updates on the servers since this problem starting
happening about 2 weeks ago (the antivirus software was moved to the new
server about 4 weeks ago and the firewall has been up and running for about
2 months now).
Any help would be greatly appreciated.