So I have a win2k server with win2k clients. One client (on the network 4 or 5 months already) "suddenly" stopped being able to logon sometime in the past couple days. The worker came in on Sunday, reportedly to a functioning computer. He was out of the office M + T, now when he tries to log on he gets a "Local Policy on this system does not allow you to logon interactively" error. This is just on one machine. The machine won't let other user accounts or the domain admin account log on either, and gives the same error when you try to log on locally to the machine. All accounts work from other client computers, including the user in question. The cable connection is fine, and other clients are working fine. Any ideas?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Not Allowed Logon Interactively
- Thread starter nokona13
- Start date
- Thread starter
- #3
All my regular users are in the same group. The logon locall and deny logon locally settings were both undefined in that GPO. I specifically added mydomain.com/Domain Computers to the logon locally policy, but that did nothing. I'm not sure how to specifically get to an individual computer account in the GPO, since they're not listed, but I did check on the properties of the computer in question and it is a member of the mydomain.com/Domain Computers group... What else could this be?
I had this problem and was able to resolve with information from this article.
Hope it works for you.
Hope it works for you.
Sorry, gave you link to Windows 2003 server - here is link to WIN2K server.
There could be another reason why it is not letting anyone logon. The computer might have lost its authentication with the domain. If that is the case (and i think it is) you need to have the network administrator take that computer off of the domain, restart the computer, log in and re-add it to the domain. After that happens, it should be ready to go. I see this all the time with my organization and it is a really easy simple fix.
- Thread starter
- #7
haha! Unfortunately I am the network admin 
I did actually find that solution on microsoft support. Unfortunately, they told me to boot into the recovery console and copy winnt/repair/security to winnt/system32/config/security first. I removed the computer accound in ADUC and together that did some funky things to the computer but did let me log on once locally. The computer froze in the process of trying to rejoin the domain (after I'd put in the admin account/password). After I had to restart then, I couldn't get on at all. I ended up just putting this guys main harddrive as secondary in a different box so he could get back to work and have all his files. His windows install was getting old and balky anyway, so I think this actually isn't such a bad fix. Killed my test workstation though!
Thanks for all the help everyone!
I did actually find that solution on microsoft support. Unfortunately, they told me to boot into the recovery console and copy winnt/repair/security to winnt/system32/config/security first. I removed the computer accound in ADUC and together that did some funky things to the computer but did let me log on once locally. The computer froze in the process of trying to rejoin the domain (after I'd put in the admin account/password). After I had to restart then, I couldn't get on at all. I ended up just putting this guys main harddrive as secondary in a different box so he could get back to work and have all his files. His windows install was getting old and balky anyway, so I think this actually isn't such a bad fix. Killed my test workstation though!
Thanks for all the help everyone!
- Status
Similar threads
- Locked
- Question
- Locked
- Question