Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Server 2003 Group Policy Log on Locally

Status
Not open for further replies.
amunn

amunn

IS-IT--Management
Jul 30, 2008
12
US
I am hoping maybe someone might have the answer to this question...

We run Server 2003 with Windows XP computers joined to the domain. We currently have all our users assigned as Administrators on the domain (that's the way it was setup), we want to back all the XP machines down to users on the domain so they are somewhat restricted on being able to install software. When we change the user account to users and try to log on, it says "The local policy of this system does not permit you to logon interactively."

We have found the place for client computers on the server where there is a rights restriction for "Allow log on locally", when we change that and push the policy to the domain computers, the XP machine shows that it received the policy but on the XP machine user rights, it still shows just Administrators can log on locally.

Anyone have any advice that might have worked for them?

Thanks in advance,
Andrew
 
Sort by date Sort by votes
you may have to check the local machine security policy for the "Allow log on locally" setting. If someone set it per machine (which is nuts), this Local GP will override anything the domain GP pushes out.

Cliff, MCSE/MCSA/MCTS/CCNA/VCP/CCA
 
Upvote 0 Downvote
Thanks for your response - I had already looked at that because I thought the same type thing, it is grayed out on the local machine policy so it appears that it is looking toward the domain on the allow log on locally setting, but it never updates no matter what we change on the server.

Let me know if you have any other ideas, thanks again for your suggestion.
 
Upvote 0 Downvote
You need to check for policy inheritance problems, basically the domain policy and any polcies above the policy for the OU the pc's are located in, are there policies above that it may be inheriting and overiding your settings? If you don't have GPMC installed, I would highly suggest it. Somewhere above where the computer accounts are located is overriding all machines. On the machines, can you run gpupdate /force and maybe a gpresult to try and figure this thing out?

Cliff, MCSE/MCSA/MCTS/CCNA/VCP/CCA
 
Upvote 0 Downvote
We do have GPMC installed and it looks like everything should be pushing to the computers just fine. The computers don't even have the ability to change anything on the logon locally unless I remove them from the domain, then that can be edited. We tried the gpupdate / force, the workstation pulled a new policy, verified it by using gpresult. The same field on the server has been changed to include the users field, doesn't seem to make any difference.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

MaioMaio
  • Locked
  • Question
Server Remote Desktop License
Replies
0
Views
236
MaioMaio
MaioMaio
Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
292
Aquiles Vidal
Aquiles Vidal
rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
348
suncit
suncit
antonio_dsanchez
  • Locked
  • Question
post-installation WSUS windows server 2016
Replies
0
Views
242
antonio_dsanchez
antonio_dsanchez
jamescpp
  • Locked
  • Question
Windos OpenSSH server vulnerability
Replies
0
Views
279
jamescpp
jamescpp

Part and Inventory Search

Sponsor

Back
Top