Announcement

Collapse
No announcement yet.

Local login denied for single Win2k Workstation - Can you help?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Local login denied for single Win2k Workstation - Can you help?

    Hello All,
    I have recently run into a problem with one of my user's workstations. I manage a small office of about fifteen workstations which are all connected to a Windows 2000 Advanced Server directory. The users like to move around a lot and on the slightest whim, so I've resorted to setting everything up with roaming profiles. I know, makes things complicated don't it? That's not the issue, however one of my regular employee's workstation does not want to allow any domain based user to log in locally. That same user can log in at any other station in the building without a problem and download his roaming profile from the domain server.
    At this person's station however I am unable to log in with ANY account unless it is a domain/enterprise admin account, any local user account, or one of the terminal accounts I have set up. Once again, any time I try to log in with any other account I get an error of "The local policy does not permit you to log on interactively." I've got one hair of patience with this stupid computer left before I reformat it and reinstall everything, please help!

    Machine Specs:
    OS: Windows 2000 Professional SP4 with updates
    CPU: Dual Pentium III's @ 700Mhz
    RAM: 768 MB
    NIC: Airlink 54G Wireless connection
    IP set by DHCP system

  • #2
    Re: Local login denied for single Win2k Workstation - Can you help?

    Have you tried removing it from the domain, deleting the AD computer account, renaming the client and then rejoining it to the domain? 10mins work, max.
    A recent poll suggests that 6 out of 7 dwarfs are not happy

    Comment


    • #3
      Re: Local login denied for single Win2k Workstation - Can you help?

      Originally posted by greenboy View Post
      Hello All,
      I have recently run into a problem with one of my user's workstations. I manage a small office of about fifteen workstations which are all connected to a Windows 2000 Advanced Server directory. The users like to move around a lot and on the slightest whim, so I've resorted to setting everything up with roaming profiles. I know, makes things complicated don't it? That's not the issue, however one of my regular employee's workstation does not want to allow any domain based user to log in locally. That same user can log in at any other station in the building without a problem and download his roaming profile from the domain server.
      At this person's station however I am unable to log in with ANY account unless it is a domain/enterprise admin account, any local user account, or one of the terminal accounts I have set up. Once again, any time I try to log in with any other account I get an error of "The local policy does not permit you to log on interactively." I've got one hair of patience with this stupid computer left before I reformat it and reinstall everything, please help!

      Machine Specs:
      OS: Windows 2000 Professional SP4 with updates
      CPU: Dual Pentium III's @ 700Mhz
      RAM: 768 MB
      NIC: Airlink 54G Wireless connection
      IP set by DHCP system
      Removing it from the domain is unlikely to help as you can already authenticate with the domain and logon interactively except only with the administrator account.

      Someone has amended the local security policy on that machine (secpol.msc) or removed domain users from Users group on the local machine. Have a look at the local groups on that machine and ensure the domain users or whatever user account you are using to log on with is present in the local groups. In addition if you have a look at the machines local security policy investigate under secpol.msc>local policies>user right assignments>deny logon locally and see what user accounts are specified there.

      Comment

      Working...
      X