HELP!!! Unable to logon to Server 2000

Toggle sidebar Toggle sidebar
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

Some changes were made to group policy several days ago
and something musta got screwed up because I cannot log
back in now that I have logged out. I get the following
message after the failed login: "the local policy of this
system does not permit you to logon interactively"
Is there anything that I can do?
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

There are a few ways to fix this:

http://techrepublic.com.com/5100-6268_11-5313668.html


--
******************************
Laura E. Hunter - MCSE, MCT, MVP
Replies to newsgroup only


"Dave W" <anonymous@discussions.microsoft.com> wrote in message
news:2f8501c4a4bc$3b3f0810$a301280a@phx.gbl...
> Some changes were made to group policy several days ago
> and something musta got screwed up because I cannot log
> back in now that I have logged out. I get the following
> message after the failed login: "the local policy of this
> system does not permit you to logon interactively"
> Is there anything that I can do?
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

Thanks for the fast response.
Is there a way that I can fix this problem from my PC
which is also a Win 2000 Server that I believe is
replicated to from the problem server that won't allow me
to log on? I am able to open, through the Administrative
Tools, the the Domain Users and Computers applet therefore
having access to the Domain security policy.
If you could help me with some direction as to what
specific policy might be causing this "interactive logon"
message that's preventing me from logging on, it would be
greatly appreciated. If not able to, then I will follow
the course of action spelled out in the article that your
earlier post referred to. Thanks again for your time.

Dave
>-----Original Message-----
>There are a few ways to fix this:
>
>http://techrepublic.com.com/5100-6268_11-5313668.html
>
>
>--
>******************************
>Laura E. Hunter - MCSE, MCT, MVP
>Replies to newsgroup only
>
>
>"Dave W" <anonymous@discussions.microsoft.com> wrote in
message
>news:2f8501c4a4bc$3b3f0810$a301280a@phx.gbl...
>> Some changes were made to group policy several days ago
>> and something musta got screwed up because I cannot log
>> back in now that I have logged out. I get the following
>> message after the failed login: "the local policy of
this
>> system does not permit you to logon interactively"
>> Is there anything that I can do?
>
>
>.
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

Hi Dave,

You will have to give us more information.

Is this domain controller that you are trying to logon? Did you try using
Administrator account. Did you try using terminal services to logon... Do
you have same problem on domain controllers, server and clients?

Mike

"Dave W" <anonymous@discussions.microsoft.com> wrote in message
news:2f8501c4a4bc$3b3f0810$a301280a@phx.gbl...
> Some changes were made to group policy several days ago
> and something musta got screwed up because I cannot log
> back in now that I have logged out. I get the following
> message after the failed login: "the local policy of this
> system does not permit you to logon interactively"
> Is there anything that I can do?
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

I apologize for being vague.
Yes, it is a DC with the only other 2000 server being the
PC that I use for a workstation, of sorts. The failed
logon was with the Admin's account at the server's
keyboard. However, I first received the message over the
weekend when I tried logging into a terminal session from
home over the weekend. This is the only machine in our
network that this problem is happening on. I am positive
that I accidentally changed a policy setting last week
when I was trying to get a problematic application on a
workstation to allow me to log on to it's service. Thank
you.

>-----Original Message-----
>Hi Dave,
>
>You will have to give us more information.
>
>Is this domain controller that you are trying to logon?
Did you try using
>Administrator account. Did you try using terminal
services to logon... Do
>you have same problem on domain controllers, server and
clients?
>
>Mike
>
>"Dave W" <anonymous@discussions.microsoft.com> wrote in
message
>news:2f8501c4a4bc$3b3f0810$a301280a@phx.gbl...
>> Some changes were made to group policy several days ago
>> and something musta got screwed up because I cannot log
>> back in now that I have logged out. I get the following
>> message after the failed login: "the local policy of
this
>> system does not permit you to logon interactively"
>> Is there anything that I can do?
>
>
>.
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

Dave,

If you can connect to domain using Active Directory Users and Computer from
your computer then Right click Domain Controller OU. Click on Properties ->
Group Policy tab and click to select on Default Domain Controllers Policy.
Click on Edit.

In Group Policy Editor under Computer Configuration -> Windows Settings ->
Security Settings -> Local Policies -> Users Rights Assignment open Allow
log on locally (double click on this policy). Make sure that administrators
group is listed in this policy.

Mike

"Dave W" <anonymous@discussions.microsoft.com> wrote in message
news:301201c4a4c2$103b50f0$a301280a@phx.gbl...
> I apologize for being vague.
> Yes, it is a DC with the only other 2000 server being the
> PC that I use for a workstation, of sorts. The failed
> logon was with the Admin's account at the server's
> keyboard. However, I first received the message over the
> weekend when I tried logging into a terminal session from
> home over the weekend. This is the only machine in our
> network that this problem is happening on. I am positive
> that I accidentally changed a policy setting last week
> when I was trying to get a problematic application on a
> workstation to allow me to log on to it's service. Thank
> you.
>
> >-----Original Message-----
> >Hi Dave,
> >
> >You will have to give us more information.
> >
> >Is this domain controller that you are trying to logon?
> Did you try using
> >Administrator account. Did you try using terminal
> services to logon... Do
> >you have same problem on domain controllers, server and
> clients?
> >
> >Mike
> >
> >"Dave W" <anonymous@discussions.microsoft.com> wrote in
> message
> >news:2f8501c4a4bc$3b3f0810$a301280a@phx.gbl...
> >> Some changes were made to group policy several days ago
> >> and something musta got screwed up because I cannot log
> >> back in now that I have logged out. I get the following
> >> message after the failed login: "the local policy of
> this
> >> system does not permit you to logon interactively"
> >> Is there anything that I can do?
> >
> >
> >.
> >
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

Just to add you may need to first install adminpak from the install cdrom
for Windows 2000 on your other computer first. It is located in the I386
folder. Also be sure to check for "deny logon locally " user right entries
as they will override any allow logon locally user right. Keep in mind that
administrators are part of the everyone and users group whenever configuring
permissions - particularly deny permissions. --- Steve


"Miha Pihler" <mihap-news@atlantis.si> wrote in message
news:OYuGDWMpEHA.592@TK2MSFTNGP11.phx.gbl...
> Dave,
>
> If you can connect to domain using Active Directory Users and Computer
> from
> your computer then Right click Domain Controller OU. Click on
> Properties ->
> Group Policy tab and click to select on Default Domain Controllers Policy.
> Click on Edit.
>
> In Group Policy Editor under Computer Configuration -> Windows Settings ->
> Security Settings -> Local Policies -> Users Rights Assignment open Allow
> log on locally (double click on this policy). Make sure that
> administrators
> group is listed in this policy.
>
> Mike
>
> "Dave W" <anonymous@discussions.microsoft.com> wrote in message
> news:301201c4a4c2$103b50f0$a301280a@phx.gbl...
>> I apologize for being vague.
>> Yes, it is a DC with the only other 2000 server being the
>> PC that I use for a workstation, of sorts. The failed
>> logon was with the Admin's account at the server's
>> keyboard. However, I first received the message over the
>> weekend when I tried logging into a terminal session from
>> home over the weekend. This is the only machine in our
>> network that this problem is happening on. I am positive
>> that I accidentally changed a policy setting last week
>> when I was trying to get a problematic application on a
>> workstation to allow me to log on to it's service. Thank
>> you.
>>
>> >-----Original Message-----
>> >Hi Dave,
>> >
>> >You will have to give us more information.
>> >
>> >Is this domain controller that you are trying to logon?
>> Did you try using
>> >Administrator account. Did you try using terminal
>> services to logon... Do
>> >you have same problem on domain controllers, server and
>> clients?
>> >
>> >Mike
>> >
>> >"Dave W" <anonymous@discussions.microsoft.com> wrote in
>> message
>> >news:2f8501c4a4bc$3b3f0810$a301280a@phx.gbl...
>> >> Some changes were made to group policy several days ago
>> >> and something musta got screwed up because I cannot log
>> >> back in now that I have logged out. I get the following
>> >> message after the failed login: "the local policy of
>> this
>> >> system does not permit you to logon interactively"
>> >> Is there anything that I can do?
>> >
>> >
>> >.
>> >
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

Well, I tried that and it didn't change anything because
that policy already allowed administrators to logon locally
(the admin account and domain admin account were both in
the policy to allow)The group policy for the Domain is
disabled and I did this to the GPO for the Domain
Controller OU. The other day when I was trying to get the
oother app to work, I thought I had accessed some security
setting via control panel>administrative tools>Local
Security Policy. is this a different policy or another way
of getting to the same one that we're talking about above
because that may be what's the source of the problem
because the message says, "local policy..."?
>-----Original Message-----
>Dave,
>
>If you can connect to domain using Active Directory Users
and Computer from
>your computer then Right click Domain Controller OU.
Click on Properties ->
>Group Policy tab and click to select on Default Domain
Controllers Policy.
>Click on Edit.
>
>In Group Policy Editor under Computer Configuration ->
Windows Settings ->
>Security Settings -> Local Policies -> Users Rights
Assignment open Allow
>log on locally (double click on this policy). Make sure
that administrators
>group is listed in this policy.
>
>Mike
>
>"Dave W" <anonymous@discussions.microsoft.com> wrote in
message
>news:301201c4a4c2$103b50f0$a301280a@phx.gbl...
>> I apologize for being vague.
>> Yes, it is a DC with the only other 2000 server being
the
>> PC that I use for a workstation, of sorts. The failed
>> logon was with the Admin's account at the server's
>> keyboard. However, I first received the message over the
>> weekend when I tried logging into a terminal session
from
>> home over the weekend. This is the only machine in our
>> network that this problem is happening on. I am positive
>> that I accidentally changed a policy setting last week
>> when I was trying to get a problematic application on a
>> workstation to allow me to log on to it's service. Thank
>> you.
>>
>> >-----Original Message-----
>> >Hi Dave,
>> >
>> >You will have to give us more information.
>> >
>> >Is this domain controller that you are trying to logon?
>> Did you try using
>> >Administrator account. Did you try using terminal
>> services to logon... Do
>> >you have same problem on domain controllers, server and
>> clients?
>> >
>> >Mike
>> >
>> >"Dave W" <anonymous@discussions.microsoft.com> wrote in
>> message
>> >news:2f8501c4a4bc$3b3f0810$a301280a@phx.gbl...
>> >> Some changes were made to group policy several days
ago
>> >> and something musta got screwed up because I cannot
log
>> >> back in now that I have logged out. I get the
following
>> >> message after the failed login: "the local policy of
>> this
>> >> system does not permit you to logon interactively"
>> >> Is there anything that I can do?
>> >
>> >
>> >.
>> >
>
>
>.
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

Just a thought here and I want to know what your opinion
is, from what I understand, Domain security settings over
ride local security settings. If that's true, then what if
I enable Domain level GP, making certain that those
particular logon rights are set correctly and thereby
superceding any local security settings that are
preventing a logon to that server?

Dave
>-----Original Message-----
>Just to add you may need to first install adminpak from
the install cdrom
>for Windows 2000 on your other computer first. It is
located in the I386
>folder. Also be sure to check for "deny logon locally "
user right entries
>as they will override any allow logon locally user right.
Keep in mind that
>administrators are part of the everyone and users group
whenever configuring
>permissions - particularly deny permissions. --- Steve
>
>
>"Miha Pihler" <mihap-news@atlantis.si> wrote in message
>news:OYuGDWMpEHA.592@TK2MSFTNGP11.phx.gbl...
>> Dave,
>>
>> If you can connect to domain using Active Directory
Users and Computer
>> from
>> your computer then Right click Domain Controller OU.
Click on
>> Properties ->
>> Group Policy tab and click to select on Default Domain
Controllers Policy.
>> Click on Edit.
>>
>> In Group Policy Editor under Computer Configuration ->
Windows Settings ->
>> Security Settings -> Local Policies -> Users Rights
Assignment open Allow
>> log on locally (double click on this policy). Make sure
that
>> administrators
>> group is listed in this policy.
>>
>> Mike
>>
>> "Dave W" <anonymous@discussions.microsoft.com> wrote in
message
>> news:301201c4a4c2$103b50f0$a301280a@phx.gbl...
>>> I apologize for being vague.
>>> Yes, it is a DC with the only other 2000 server being
the
>>> PC that I use for a workstation, of sorts. The failed
>>> logon was with the Admin's account at the server's
>>> keyboard. However, I first received the message over
the
>>> weekend when I tried logging into a terminal session
from
>>> home over the weekend. This is the only machine in our
>>> network that this problem is happening on. I am
positive
>>> that I accidentally changed a policy setting last week
>>> when I was trying to get a problematic application on a
>>> workstation to allow me to log on to it's service.
Thank
>>> you.
>>>
>>> >-----Original Message-----
>>> >Hi Dave,
>>> >
>>> >You will have to give us more information.
>>> >
>>> >Is this domain controller that you are trying to
logon?
>>> Did you try using
>>> >Administrator account. Did you try using terminal
>>> services to logon... Do
>>> >you have same problem on domain controllers, server
and
>>> clients?
>>> >
>>> >Mike
>>> >
>>> >"Dave W" <anonymous@discussions.microsoft.com> wrote
in
>>> message
>>> >news:2f8501c4a4bc$3b3f0810$a301280a@phx.gbl...
>>> >> Some changes were made to group policy several days
ago
>>> >> and something musta got screwed up because I cannot
log
>>> >> back in now that I have logged out. I get the
following
>>> >> message after the failed login: "the local policy of
>>> this
>>> >> system does not permit you to logon interactively"
>>> >> Is there anything that I can do?
>>> >
>>> >
>>> >.
>>> >
>>
>>
>
>
>.
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

Should I set the Domain GPO to allow this logon and enable
it? I'm thinking that will override any local policy
setting that's preventing me from logging in to that
sderver?

Dave
>-----Original Message-----
>Just to add you may need to first install adminpak from
the install cdrom
>for Windows 2000 on your other computer first. It is
located in the I386
>folder. Also be sure to check for "deny logon locally "
user right entries
>as they will override any allow logon locally user right.
Keep in mind that
>administrators are part of the everyone and users group
whenever configuring
>permissions - particularly deny permissions. --- Steve
>
>
>"Miha Pihler" <mihap-news@atlantis.si> wrote in message
>news:OYuGDWMpEHA.592@TK2MSFTNGP11.phx.gbl...
>> Dave,
>>
>> If you can connect to domain using Active Directory
Users and Computer
>> from
>> your computer then Right click Domain Controller OU.
Click on
>> Properties ->
>> Group Policy tab and click to select on Default Domain
Controllers Policy.
>> Click on Edit.
>>
>> In Group Policy Editor under Computer Configuration ->
Windows Settings ->
>> Security Settings -> Local Policies -> Users Rights
Assignment open Allow
>> log on locally (double click on this policy). Make sure
that
>> administrators
>> group is listed in this policy.
>>
>> Mike
>>
>> "Dave W" <anonymous@discussions.microsoft.com> wrote in
message
>> news:301201c4a4c2$103b50f0$a301280a@phx.gbl...
>>> I apologize for being vague.
>>> Yes, it is a DC with the only other 2000 server being
the
>>> PC that I use for a workstation, of sorts. The failed
>>> logon was with the Admin's account at the server's
>>> keyboard. However, I first received the message over
the
>>> weekend when I tried logging into a terminal session
from
>>> home over the weekend. This is the only machine in our
>>> network that this problem is happening on. I am
positive
>>> that I accidentally changed a policy setting last week
>>> when I was trying to get a problematic application on a
>>> workstation to allow me to log on to it's service.
Thank
>>> you.
>>>
>>> >-----Original Message-----
>>> >Hi Dave,
>>> >
>>> >You will have to give us more information.
>>> >
>>> >Is this domain controller that you are trying to
logon?
>>> Did you try using
>>> >Administrator account. Did you try using terminal
>>> services to logon... Do
>>> >you have same problem on domain controllers, server
and
>>> clients?
>>> >
>>> >Mike
>>> >
>>> >"Dave W" <anonymous@discussions.microsoft.com> wrote
in
>>> message
>>> >news:2f8501c4a4bc$3b3f0810$a301280a@phx.gbl...
>>> >> Some changes were made to group policy several days
ago
>>> >> and something musta got screwed up because I cannot
log
>>> >> back in now that I have logged out. I get the
following
>>> >> message after the failed login: "the local policy of
>>> this
>>> >> system does not permit you to logon interactively"
>>> >> Is there anything that I can do?
>>> >
>>> >
>>> >.
>>> >
>>
>>
>
>
>.
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

Any domain or Organizational Unit Group Policy that is enabled will override
Local Security Policy defined settings assuming everything is configured
correctly and the policy propagates. Domain Controllers by default have user
rights for logon locally and deny logon locally defined in Domain Controller
Security Policy and that will override the Local Security Policy for those
user rights. I would first double check the Domain Controller Security
Policy from your other server to make sure that those user rights are
correct. If you change them, reboot the domain controller. Note that if you
have more than one GPO in the domain controller container [or any container]
that the GPO at the top of the list has the highest precedence which means
you need to check all policies in that container. I would also examine Event
Viewer for the domain controller from the other server to see if there any
errors/warnings reported that may be helpful. You can use Computer
Management and then select another computer to view the Event Viewer of
another network computer assuming you have proper credentials. --- Steve


"Dave W" <anonymous@discussions.microsoft.com> wrote in message
news:019801c4a4cc$947cd870$a601280a@phx.gbl...
> Just a thought here and I want to know what your opinion
> is, from what I understand, Domain security settings over
> ride local security settings. If that's true, then what if
> I enable Domain level GP, making certain that those
> particular logon rights are set correctly and thereby
> superceding any local security settings that are
> preventing a logon to that server?
>
> Dave
>>-----Original Message-----
>>Just to add you may need to first install adminpak from
> the install cdrom
>>for Windows 2000 on your other computer first. It is
> located in the I386
>>folder. Also be sure to check for "deny logon locally "
> user right entries
>>as they will override any allow logon locally user right.
> Keep in mind that
>>administrators are part of the everyone and users group
> whenever configuring
>>permissions - particularly deny permissions. --- Steve
>>
>>
>>"Miha Pihler" <mihap-news@atlantis.si> wrote in message
>>news:OYuGDWMpEHA.592@TK2MSFTNGP11.phx.gbl...
>>> Dave,
>>>
>>> If you can connect to domain using Active Directory
> Users and Computer
>>> from
>>> your computer then Right click Domain Controller OU.
> Click on
>>> Properties ->
>>> Group Policy tab and click to select on Default Domain
> Controllers Policy.
>>> Click on Edit.
>>>
>>> In Group Policy Editor under Computer Configuration ->
> Windows Settings ->
>>> Security Settings -> Local Policies -> Users Rights
> Assignment open Allow
>>> log on locally (double click on this policy). Make sure
> that
>>> administrators
>>> group is listed in this policy.
>>>
>>> Mike
>>>
>>> "Dave W" <anonymous@discussions.microsoft.com> wrote in
> message
>>> news:301201c4a4c2$103b50f0$a301280a@phx.gbl...
>>>> I apologize for being vague.
>>>> Yes, it is a DC with the only other 2000 server being
> the
>>>> PC that I use for a workstation, of sorts. The failed
>>>> logon was with the Admin's account at the server's
>>>> keyboard. However, I first received the message over
> the
>>>> weekend when I tried logging into a terminal session
> from
>>>> home over the weekend. This is the only machine in our
>>>> network that this problem is happening on. I am
> positive
>>>> that I accidentally changed a policy setting last week
>>>> when I was trying to get a problematic application on a
>>>> workstation to allow me to log on to it's service.
> Thank
>>>> you.
>>>>
>>>> >-----Original Message-----
>>>> >Hi Dave,
>>>> >
>>>> >You will have to give us more information.
>>>> >
>>>> >Is this domain controller that you are trying to
> logon?
>>>> Did you try using
>>>> >Administrator account. Did you try using terminal
>>>> services to logon... Do
>>>> >you have same problem on domain controllers, server
> and
>>>> clients?
>>>> >
>>>> >Mike
>>>> >
>>>> >"Dave W" <anonymous@discussions.microsoft.com> wrote
> in
>>>> message
>>>> >news:2f8501c4a4bc$3b3f0810$a301280a@phx.gbl...
>>>> >> Some changes were made to group policy several days
> ago
>>>> >> and something musta got screwed up because I cannot
> log
>>>> >> back in now that I have logged out. I get the
> following
>>>> >> message after the failed login: "the local policy of
>>>> this
>>>> >> system does not permit you to logon interactively"
>>>> >> Is there anything that I can do?
>>>> >
>>>> >
>>>> >.
>>>> >
>>>
>>>
>>
>>
>>.
>>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

Miha Pihler wrote:
> Dave,
>
> If you can connect to domain using Active Directory Users and
> Computer from your computer then Right click Domain Controller OU.
> Click on Properties -> Group Policy tab and click to select on
> Default Domain Controllers Policy. Click on Edit.
>
> In Group Policy Editor under Computer Configuration -> Windows
> Settings -> Security Settings -> Local Policies -> Users Rights
> Assignment open Allow log on locally (double click on this policy).
> Make sure that administrators group is listed in this policy.
>
> Mike
>

Mike --

Thanks very much for this ... saved my life ...

--
Ed.
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom