Sign in with
Sign up | Sign in
Your question

Cannot logon to "(local machine)"

Last response: in Windows 2000/NT
Share
Anonymous
November 29, 2004 8:49:19 AM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

I setup roaming profiles and can logon to my domain for each user. However,
when I try to compare the original local profile with the new roaming
profile side-by-side, I get this error message:

"The system could not log you on. Make sure your User name and Domain are
correct..."

I get this when attempting to log on locally to the machine with the
original, local profile.

I tried setting the "Allow log on locally" policy under Computer
Configuration/Windows Settings/Security Settings/Local Policies/User Rights
Assignment".

I added the users group. I even added the user explicitly.

Am I missing a step when applying this policy? I can email my gpresults if
you'd like. Everything appears to be in order.

--
Jim

More about : logon local machine

Anonymous
November 29, 2004 8:33:16 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

So you are not able to logon at all as that user?? If that is the case
enable auditing of logon events on the computer in question and account
logon events in Domain Controller Security Policy to see if any logon
failures are recorded and the reason for such. The error seems to indicate
unknown user account or bad password. By default all domain users can logon
to all domain computers except domain controllers. Make sure you are logging
onto the correct domain or not the local machine on the computer in
question. Also check that the user has permissions to their local profile
which by default would be full control and also be owner. --- Steve


"nhlpens66" <nhlpens66@discussions.microsoft.com> wrote in message
news:7C8963B1-F2CE-43E4-B3E0-8985E3D2B93B@microsoft.com...
>I setup roaming profiles and can logon to my domain for each user.
>However,
> when I try to compare the original local profile with the new roaming
> profile side-by-side, I get this error message:
>
> "The system could not log you on. Make sure your User name and Domain are
> correct..."
>
> I get this when attempting to log on locally to the machine with the
> original, local profile.
>
> I tried setting the "Allow log on locally" policy under Computer
> Configuration/Windows Settings/Security Settings/Local Policies/User
> Rights
> Assignment".
>
> I added the users group. I even added the user explicitly.
>
> Am I missing a step when applying this policy? I can email my gpresults
> if
> you'd like. Everything appears to be in order.
>
> --
> Jim
Anonymous
November 29, 2004 8:33:17 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

I am able to logon with local accounts (locally only, of course); and with
domain accounts through domain authentication only. I CANNOT logon to any
domain accounts locally (local machine).

"Steven L Umbach" wrote:

> So you are not able to logon at all as that user?? If that is the case
> enable auditing of logon events on the computer in question and account
> logon events in Domain Controller Security Policy to see if any logon
> failures are recorded and the reason for such. The error seems to indicate
> unknown user account or bad password. By default all domain users can logon
> to all domain computers except domain controllers. Make sure you are logging
> onto the correct domain or not the local machine on the computer in
> question. Also check that the user has permissions to their local profile
> which by default would be full control and also be owner. --- Steve
>
>
> "nhlpens66" <nhlpens66@discussions.microsoft.com> wrote in message
> news:7C8963B1-F2CE-43E4-B3E0-8985E3D2B93B@microsoft.com...
> >I setup roaming profiles and can logon to my domain for each user.
> >However,
> > when I try to compare the original local profile with the new roaming
> > profile side-by-side, I get this error message:
> >
> > "The system could not log you on. Make sure your User name and Domain are
> > correct..."
> >
> > I get this when attempting to log on locally to the machine with the
> > original, local profile.
> >
> > I tried setting the "Allow log on locally" policy under Computer
> > Configuration/Windows Settings/Security Settings/Local Policies/User
> > Rights
> > Assignment".
> >
> > I added the users group. I even added the user explicitly.
> >
> > Am I missing a step when applying this policy? I can email my gpresults
> > if
> > you'd like. Everything appears to be in order.
> >
> > --
> > Jim
>
>
>
Related resources
Anonymous
November 30, 2004 5:36:58 AM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

"nhlpens66" <nhlpens66@discussions.microsoft.com> wrote in message
news:8B22C6FB-40FF-492B-9004-0F222E2BEBE5@microsoft.com...
>I am able to logon with local accounts (locally only, of course); and with
> domain accounts through domain authentication only. I CANNOT logon to any
> domain accounts locally (local machine).
>
> "Steven L Umbach" wrote:
>
>> So you are not able to logon at all as that user?? If that is the case
>> enable auditing of logon events on the computer in question and account
>> logon events in Domain Controller Security Policy to see if any logon
>> failures are recorded and the reason for such. The error seems to
>> indicate
>> unknown user account or bad password. By default all domain users can
>> logon
>> to all domain computers except domain controllers. Make sure you are
>> logging
>> onto the correct domain or not the local machine on the computer in
>> question. Also check that the user has permissions to their local profile
>> which by default would be full control and also be owner. --- Steve
>>
>>
>> "nhlpens66" <nhlpens66@discussions.microsoft.com> wrote in message
>> news:7C8963B1-F2CE-43E4-B3E0-8985E3D2B93B@microsoft.com...
>> >I setup roaming profiles and can logon to my domain for each user.
>> >However,
>> > when I try to compare the original local profile with the new roaming
>> > profile side-by-side, I get this error message:
>> >
>> > "The system could not log you on. Make sure your User name and Domain
>> > are
>> > correct..."
>> >
>> > I get this when attempting to log on locally to the machine with the
>> > original, local profile.
>> >
>> > I tried setting the "Allow log on locally" policy under Computer
>> > Configuration/Windows Settings/Security Settings/Local Policies/User
>> > Rights
>> > Assignment".
>> >
>> > I added the users group. I even added the user explicitly.
>> >
>> > Am I missing a step when applying this policy? I can email my
>> > gpresults
>> > if
>> > you'd like. Everything appears to be in order.
>> >
>> > --
>> > Jim
>>
>>
>>
Anonymous
November 30, 2004 5:43:34 AM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

That is by design. You can only logon to the local computer with accounts
that exist in the local user database as shown by lusrmgr.msc because when
you logon to the local computer you are authenticating with the local sam.
Domain users must select the domain name when they logon - not the local
machine --- Steve


"nhlpens66" <nhlpens66@discussions.microsoft.com> wrote in message
news:8B22C6FB-40FF-492B-9004-0F222E2BEBE5@microsoft.com...
>I am able to logon with local accounts (locally only, of course); and with
> domain accounts through domain authentication only. I CANNOT logon to any
> domain accounts locally (local machine).
>
> "Steven L Umbach" wrote:
>
>> So you are not able to logon at all as that user?? If that is the case
>> enable auditing of logon events on the computer in question and account
>> logon events in Domain Controller Security Policy to see if any logon
>> failures are recorded and the reason for such. The error seems to
>> indicate
>> unknown user account or bad password. By default all domain users can
>> logon
>> to all domain computers except domain controllers. Make sure you are
>> logging
>> onto the correct domain or not the local machine on the computer in
>> question. Also check that the user has permissions to their local profile
>> which by default would be full control and also be owner. --- Steve
>>
>>
>> "nhlpens66" <nhlpens66@discussions.microsoft.com> wrote in message
>> news:7C8963B1-F2CE-43E4-B3E0-8985E3D2B93B@microsoft.com...
>> >I setup roaming profiles and can logon to my domain for each user.
>> >However,
>> > when I try to compare the original local profile with the new roaming
>> > profile side-by-side, I get this error message:
>> >
>> > "The system could not log you on. Make sure your User name and Domain
>> > are
>> > correct..."
>> >
>> > I get this when attempting to log on locally to the machine with the
>> > original, local profile.
>> >
>> > I tried setting the "Allow log on locally" policy under Computer
>> > Configuration/Windows Settings/Security Settings/Local Policies/User
>> > Rights
>> > Assignment".
>> >
>> > I added the users group. I even added the user explicitly.
>> >
>> > Am I missing a step when applying this policy? I can email my
>> > gpresults
>> > if
>> > you'd like. Everything appears to be in order.
>> >
>> > --
>> > Jim
>>
>>
>>
Anonymous
November 30, 2004 1:05:14 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

But I'm using roaming profiles with folder redirection and offline files. I
want to logon to the locally cached copy when, say, my laptop is mobile and
on the road.

I should be able to logon to the locally cached profile. The documentation
for roaming profiles states that all changes to the profile and offline files
will be merged/copied back to the server when I next logon to the network.

Jim

"Steven L Umbach" wrote:

> That is by design. You can only logon to the local computer with accounts
> that exist in the local user database as shown by lusrmgr.msc because when
> you logon to the local computer you are authenticating with the local sam.
> Domain users must select the domain name when they logon - not the local
> machine --- Steve
>
>
> "nhlpens66" <nhlpens66@discussions.microsoft.com> wrote in message
> news:8B22C6FB-40FF-492B-9004-0F222E2BEBE5@microsoft.com...
> >I am able to logon with local accounts (locally only, of course); and with
> > domain accounts through domain authentication only. I CANNOT logon to any
> > domain accounts locally (local machine).
> >
> > "Steven L Umbach" wrote:
> >
> >> So you are not able to logon at all as that user?? If that is the case
> >> enable auditing of logon events on the computer in question and account
> >> logon events in Domain Controller Security Policy to see if any logon
> >> failures are recorded and the reason for such. The error seems to
> >> indicate
> >> unknown user account or bad password. By default all domain users can
> >> logon
> >> to all domain computers except domain controllers. Make sure you are
> >> logging
> >> onto the correct domain or not the local machine on the computer in
> >> question. Also check that the user has permissions to their local profile
> >> which by default would be full control and also be owner. --- Steve
> >>
> >>
> >> "nhlpens66" <nhlpens66@discussions.microsoft.com> wrote in message
> >> news:7C8963B1-F2CE-43E4-B3E0-8985E3D2B93B@microsoft.com...
> >> >I setup roaming profiles and can logon to my domain for each user.
> >> >However,
> >> > when I try to compare the original local profile with the new roaming
> >> > profile side-by-side, I get this error message:
> >> >
> >> > "The system could not log you on. Make sure your User name and Domain
> >> > are
> >> > correct..."
> >> >
> >> > I get this when attempting to log on locally to the machine with the
> >> > original, local profile.
> >> >
> >> > I tried setting the "Allow log on locally" policy under Computer
> >> > Configuration/Windows Settings/Security Settings/Local Policies/User
> >> > Rights
> >> > Assignment".
> >> >
> >> > I added the users group. I even added the user explicitly.
> >> >
> >> > Am I missing a step when applying this policy? I can email my
> >> > gpresults
> >> > if
> >> > you'd like. Everything appears to be in order.
> >> >
> >> > --
> >> > Jim
> >>
> >>
> >>
>
>
>
Anonymous
November 30, 2004 1:31:03 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Steven,

Maybe all I'm missing is to actually create the user account in the local
sam database. That's where the authentication is failing. The profile may
be cached locally, but the user account doesn't exist in the sam. I'll try
that.

"Steven L Umbach" wrote:

> That is by design. You can only logon to the local computer with accounts
> that exist in the local user database as shown by lusrmgr.msc because when
> you logon to the local computer you are authenticating with the local sam.
> Domain users must select the domain name when they logon - not the local
> machine --- Steve
>
>
> "nhlpens66" <nhlpens66@discussions.microsoft.com> wrote in message
> news:8B22C6FB-40FF-492B-9004-0F222E2BEBE5@microsoft.com...
> >I am able to logon with local accounts (locally only, of course); and with
> > domain accounts through domain authentication only. I CANNOT logon to any
> > domain accounts locally (local machine).
> >
> > "Steven L Umbach" wrote:
> >
> >> So you are not able to logon at all as that user?? If that is the case
> >> enable auditing of logon events on the computer in question and account
> >> logon events in Domain Controller Security Policy to see if any logon
> >> failures are recorded and the reason for such. The error seems to
> >> indicate
> >> unknown user account or bad password. By default all domain users can
> >> logon
> >> to all domain computers except domain controllers. Make sure you are
> >> logging
> >> onto the correct domain or not the local machine on the computer in
> >> question. Also check that the user has permissions to their local profile
> >> which by default would be full control and also be owner. --- Steve
> >>
> >>
> >> "nhlpens66" <nhlpens66@discussions.microsoft.com> wrote in message
> >> news:7C8963B1-F2CE-43E4-B3E0-8985E3D2B93B@microsoft.com...
> >> >I setup roaming profiles and can logon to my domain for each user.
> >> >However,
> >> > when I try to compare the original local profile with the new roaming
> >> > profile side-by-side, I get this error message:
> >> >
> >> > "The system could not log you on. Make sure your User name and Domain
> >> > are
> >> > correct..."
> >> >
> >> > I get this when attempting to log on locally to the machine with the
> >> > original, local profile.
> >> >
> >> > I tried setting the "Allow log on locally" policy under Computer
> >> > Configuration/Windows Settings/Security Settings/Local Policies/User
> >> > Rights
> >> > Assignment".
> >> >
> >> > I added the users group. I even added the user explicitly.
> >> >
> >> > Am I missing a step when applying this policy? I can email my
> >> > gpresults
> >> > if
> >> > you'd like. Everything appears to be in order.
> >> >
> >> > --
> >> > Jim
> >>
> >>
> >>
>
>
>
Anonymous
November 30, 2004 8:31:32 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

If a user has logged on with a domain account, the credentials (usernmame,
password and domain name) are cached locally.

Then, when the computer is NOT network connected, the user can still logon
with their domain user account. Just leave the "Domain:" box on the logon
panel with the domain name - don't change it to the local computer name.
Key the user's normal (Domain) username and password.

Naturally, since there is no network connection, the locally cached copy of
the roaming profile will also be used.

By default, Windows will cache the logon credentials locally for up to 10
domain user accounts.

--
Bruce Sanderson MVP

It's perfectly useless to know the right answer to the wrong question.


"nhlpens66" <nhlpens66@discussions.microsoft.com> wrote in message
news:73A0A99D-45C1-4059-91F8-CF519061462E@microsoft.com...
> Steven,
>
> Maybe all I'm missing is to actually create the user account in the local
> sam database. That's where the authentication is failing. The profile
> may
> be cached locally, but the user account doesn't exist in the sam. I'll
> try
> that.
>
> "Steven L Umbach" wrote:
>
>> That is by design. You can only logon to the local computer with accounts
>> that exist in the local user database as shown by lusrmgr.msc because
>> when
>> you logon to the local computer you are authenticating with the local
>> sam.
>> Domain users must select the domain name when they logon - not the local
>> machine --- Steve
>>
>>
>> "nhlpens66" <nhlpens66@discussions.microsoft.com> wrote in message
>> news:8B22C6FB-40FF-492B-9004-0F222E2BEBE5@microsoft.com...
>> >I am able to logon with local accounts (locally only, of course); and
>> >with
>> > domain accounts through domain authentication only. I CANNOT logon to
>> > any
>> > domain accounts locally (local machine).
>> >
>> > "Steven L Umbach" wrote:
>> >
>> >> So you are not able to logon at all as that user?? If that is the case
>> >> enable auditing of logon events on the computer in question and
>> >> account
>> >> logon events in Domain Controller Security Policy to see if any logon
>> >> failures are recorded and the reason for such. The error seems to
>> >> indicate
>> >> unknown user account or bad password. By default all domain users can
>> >> logon
>> >> to all domain computers except domain controllers. Make sure you are
>> >> logging
>> >> onto the correct domain or not the local machine on the computer in
>> >> question. Also check that the user has permissions to their local
>> >> profile
>> >> which by default would be full control and also be owner. --- Steve
>> >>
>> >>
>> >> "nhlpens66" <nhlpens66@discussions.microsoft.com> wrote in message
>> >> news:7C8963B1-F2CE-43E4-B3E0-8985E3D2B93B@microsoft.com...
>> >> >I setup roaming profiles and can logon to my domain for each user.
>> >> >However,
>> >> > when I try to compare the original local profile with the new
>> >> > roaming
>> >> > profile side-by-side, I get this error message:
>> >> >
>> >> > "The system could not log you on. Make sure your User name and
>> >> > Domain
>> >> > are
>> >> > correct..."
>> >> >
>> >> > I get this when attempting to log on locally to the machine with the
>> >> > original, local profile.
>> >> >
>> >> > I tried setting the "Allow log on locally" policy under Computer
>> >> > Configuration/Windows Settings/Security Settings/Local Policies/User
>> >> > Rights
>> >> > Assignment".
>> >> >
>> >> > I added the users group. I even added the user explicitly.
>> >> >
>> >> > Am I missing a step when applying this policy? I can email my
>> >> > gpresults
>> >> > if
>> >> > you'd like. Everything appears to be in order.
>> >> >
>> >> > --
>> >> > Jim
>> >>
>> >>
>> >>
>>
>>
>>
!