Sign in with
Sign up | Sign in
Your question

Local sec policy prohibits interactive logon

Last response: in Windows XP
Share
September 8, 2011 3:36:42 AM

So I was poking around the local security policy and it looks like I fobar'd a setting. Now when I go to logon I get "the local security policy of this system does not permit you to logon interactively." That goes for any of the accounts even in safe mode. :fou: 

So question is how do I best go about fixing this? Is there a way I can either reset or apply a security template without loging in?

Before I did what I did, I did create a restore point but I cant get into windows to use it and my install does not have a recovery console.

Any help would appreciated.
a b 8 Security
September 8, 2011 7:15:32 AM



Hello and welcome to Tom's Hardware Forums.

Oh dear - you probably won't want to go tinkering in there again. Use your (or a borrowed) XP CD to get to the first Repair option and when you finally reach a Command Prompt, change the directory from whatever it shows to the folder which holds the Registry files. To do that, type the following, including any spaces:-

chdir c:\windows\system32\config

assuming C:\ is your systemroot drive. Hit Enter and scroll through the list to the file named SAM. How many do you see and is one recently dated and called SAM.BAK or SAM.OLD? If you have one that's a day or so old, type:-

ren sam sam2

hit Enter then:-

ren sam.old sam

or rename sam.bak if applicable, and then hit Enter. restart and see if that helped. Please post back if it didn't.

m
0
l
September 10, 2011 6:11:21 AM

I was able to get my hands on another boot cd which allowed me to boot a mini xp environment. Unfortunately there is no other/older sam file besides a log file. Could I use one from another PC?
m
0
l
Related resources
a b 8 Security
September 10, 2011 6:26:09 AM

Flack82 said:
Could I use one from another PC?




I think it would be a brave move but given that he alternative is to reinstall, it may be worth a shot. Use MiniXP to get all your personal files out first though - if the revised system flies at all, existing Profiles and User Accounts won't be visible and flies may be hard to find.

m
0
l
September 11, 2011 3:27:21 AM

Before I throw gas on the flames, would a system restore address this file?

If so is there any way I can run SR without logging into windows? Any utilities that you know of?
m
0
l
September 12, 2011 8:49:55 PM

So after you pointed me in the direction of the SAM file I was able to find an older version of the file in a few different places including C:\windows\repair.

Unfortunately even after using this older (~year) file i still receive the same error, "the local security policy of this system does not permit you to logon interactively."

Any other thoughts?
m
0
l
September 12, 2011 9:19:31 PM

Never mind! It was the security file that needed replacing. Of course it seems obvious now but thank you for pointing me in the right direction :bounce: 
m
0
l
a b 8 Security
September 13, 2011 5:50:45 AM



Hmm - SAM usually handles logon hitches but I'm pleased you got it sorted in the end.

m
0
l
April 28, 2012 1:32:26 PM

I have this same issue (opened a new post the other day under windows security).
Will the system boot if I rename the security hive and don't copy another one in?

I have a feeling if I restore the old SAM file I'll still be in the same place.
m
0
l
April 28, 2012 1:33:11 PM

Flack82 said:
Never mind! It was the security file that needed replacing. Of course it seems obvious now but thank you for pointing me in the right direction :bounce: 



My issue is on server 2003 - but did you just pull a copy of the security hive from another xp box or what did you do?
m
0
l
May 5, 2012 4:38:02 PM

cattech said:
My issue is on server 2003 - but did you just pull a copy of the security hive from another xp box or what did you do?


My problem ended up being a change in the "security" file not the "SAM" file.

And to answer your question, no, I searched through the drive that XP was installed on and found and used an older copy in C:\windows\repair folder.

If that didn't work I was going to try one from another box as a very last resort as there was a risk of corrupting the SAM or security descriptors and loosing that whole install of XP.

I did not try booting without a security file either, so I dont know how the system would react.

I hope this helps, good luck!
m
0
l
!