JSI Tip 4187. The Local policy of this system does not permit you to log on interactively?

When you add a group to the Deny Logon Locally user right on Windows 2000 or Windows XP, members of that group can NOT log on to the configured computer. They receive:

The Local policy of this system does not permit you to log on interactively.

If this happens to an administrator, remember that the denial of a right takes precedence over a right that is specifically granted. If the administrator is also a member of the group that you specifically denied, they can NOT log on.

To resolve this problem, log on to another client with Domain Admin rights and use Ntrights to remove the deny right:

ntrights -m \\computer -u <group or user to remove> -r SeDenyInteractiveLogonRight

NOTE: See tip 3361.


Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish