Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

your local security policy does not permit you to log on interactively 3

Status
Not open for further replies.

1nterpol

IS-IT--Management
Apr 2, 2007
78
IE
i created a new user in active directory and i receive this error when i try to logon to any pc on the domain.

This is probably something simple but if anyone could help that would be great.
 
You need to allocate this user local admin rights in the AD profile. Or (as a temp fix) you can log onto the workstation as an admin add the new username to the local admin group and then you should be able to log into that workstation ok.

When I was born I was so suprised I didn't talk for 18 months
 
Thanks for replying

The problem there is i dont want the user to have local admin rights.

Temporary telesales person.

 
I changed the domain group policy to allow everyone the log on locally permission but it has made no difference.

Weird thing is i copied another profile to make this one but the other profile can log onto any pc.

I deleted the profile and set i up from scratch then but i still get the same thing.

 
what security groups is this new user a member of? The user must at least be apart of the Domain Users group.
 
She's a member of the domain users group.
 
OK, now you should check on a workstations local groups. Verify that Domain users are in the local 'users' group.
 
Skimmed through the thread. Did you try adding user to member of Remote Desktop Users in Active Directory? That usually fixes those errors. Also make user local admin just to see if it works, and guarantee that error wont come up.
 
I dont want the user to have any permissions they shouldnt have, my boss is back on wed, he should know, ill post up the solution.
 
What i done to sort this was...

Go to

Start>administrative tools>group policy management

Open group policy objects

Right click default domain controllers and edit

Open computer configuration>windows settings>security settings>local policys>user rights assignments

right click on @allow to log on locally', open properties, add the user in here.

Job done.
 
We were all getting to that, we just wanted to troubleshoot first but glad that you figured it out.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top