Announcement

Collapse
No announcement yet.

local policy of this system doesn't permit you to logon interactively

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • local policy of this system doesn't permit you to logon interactively

    Hey all -

    We recently purchased another laptop to add to our network. Connecting to the network works fine but trying to logon on locally is where the problems start. Only the administers can logon locally. I want to setup a guest account so when the computer is not connected to the network others can use it. I have followed the instructions from here:
    http://www.petri.com/logon_locally_user_right.htm
    I have added the user, I am trying to log on as to both the domain and the machine policy as being allowed to logon locally and as being allowed to create global objects. But still can't logon as the guest account. Any suggestions would help.

    Thanks
    Mike

  • #2
    Re: local policy of this system doesn't permit you to logon interactively

    Hi mz91184. Welcome to the forum.

    -What OS are you running?
    -Is the laptop a domain controller?
    -What exactly are the steps you took?

    Please review:
    http://forums.petri.com/announcement.php?f=11
    http://support.microsoft.com/kb/555375
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com

    Comment


    • #3
      Re: local policy of this system doesn't permit you to logon interactively

      Thanks for the quick reply

      1 - Server is running Windows 2000
      Laptop is running Windows XP Professional
      2 - The laptop isn't the domain control our network server is.
      3 - Here are the instructions I followed

      If you still want to do it via the GPO, do the following:
      a. Go to Start, Settings, Control Panel, Administrative Settings.
      b. Double-click Domain Controller Security Policy.
      c. Go to Security Settings, Local Policies, User Rights.
      d. Double-click Logon Locally on the right pane.
      e. Click Add, Browse, and double click the user or group you want to add.
      f. Click Ok all the way out.
      g. secedit /refreshpolicy machine_policy /enforce

      The problem is the rights configured on the server never update on the laptop or other computers. I think if these rights would be updated or something it might work? I am new to this stuff so any help would be appreciated.

      Mike

      Comment


      • #4
        Re: local policy of this system doesn't permit you to logon interactively

        First of all you'll notice that the instructions you followed were for logging on to the domain controller. I would undo the settings you configured in the Default Domain Controller Policy as it presents a security risk.

        One way, of many, to address your goal of configuring a user to log on while not connected to the network you could create a local user on the laptop. Now I don't know if this will suit your needs because I don't rightly know what the problem you're trying to solve is. Could you elaborate a little on your situation?
        Regards,
        Jeremy

        Network Consultant/Engineer
        Baltimore - Washington area and beyond
        www.gma-cpa.com

        Comment


        • #5
          Re: local policy of this system doesn't permit you to logon interactively

          Hey -

          That is our goal of creating a local guest user for this laptop and have already created it, but when I try to log on using the guest account I get the error message:
          local policy of this system doesn't permit you to logon interactively
          When I give the guest admin rights it can logon but any other settings it is unable to. The only reason I have tired other things is because that is what I found on the internet while searching.

          Mike

          Comment


          • #6
            Re: local policy of this system doesn't permit you to logon interactively

            Basically the owner of our company purchased a new laptop and wants to allow family member to use it when he brings it home. So he wanted to setup a local guest account and gets the error message:
            local policy of this system doesn't permit you to logon interactively
            when trying to log onto the local guest account. We just want to fix this to allow guests to logon when not connected to the network

            Mike

            Comment


            • #7
              Re: local policy of this system doesn't permit you to logon interactively

              Is it the guest account? (If so, create a local user account and give it a password)
              Have you implemented group policy that dictates who can logon to certain computers?
              Regards,
              Jeremy

              Network Consultant/Engineer
              Baltimore - Washington area and beyond
              www.gma-cpa.com

              Comment


              • #8
                Re: local policy of this system doesn't permit you to logon interactively

                I have already created the local guest account on the machine and when trying to log into the local guest account I get this error:
                local policy of this system doesn't permit you to logon interactively

                We allow all users in the company to logon to any machine. We only do this because we are a small company and need to move people around at some points. Is this a really weird error for what I am trying to do?

                Mike

                Comment


                • #9
                  Re: local policy of this system doesn't permit you to logon interactively

                  Lets go all the way back to the start.

                  You have created a user, with what rights??, on your laptop.

                  When you try and logon you press CTRL+ALT+DEL and enter the LOCAL username and password and you also select the machine name and not the domain name from the drop down box??

                  Have you also had a look here on th local machine GPO?? (Start, Run and type gpedit.msc)
                  Attached Files
                  Last edited by wullieb1; 11th December 2006, 22:16.

                  Comment


                  • #10
                    Re: local policy of this system doesn't permit you to logon interactively

                    Ok

                    I have created a local guest user with guest rights and can't login to the local computer using this setup. If I change the rights of the guest to admin I can login. I want to keep the rights as guest and solve this problem. Yes I do select the local computer and not the domain from the drop down. Any ideas would help

                    Mike

                    Comment


                    • #11
                      Re: local policy of this system doesn't permit you to logon interactively

                      Look at the local policy on the machine and add the guest account you created to the log on locally properties.

                      Comment


                      • #12
                        Re: local policy of this system doesn't permit you to logon interactively

                        So when I type gpedit.msc and run it I can find the local logon policy but it doesn't allow me to add any groups. It is greyed out and instead of the blue icon there is are two comps with the blue icon between them

                        So how Do I add the group with this problem?
                        Attached Files
                        Last edited by mz91184; 11th December 2006, 22:24. Reason: Added Question

                        Comment


                        • #13
                          Re: local policy of this system doesn't permit you to logon interactively

                          Originally posted by JeremyW View Post
                          Is it the guest account? (If so, create a local user account and give it a password)
                          Why not make it a member of the local Users group?
                          Regards,
                          Jeremy

                          Network Consultant/Engineer
                          Baltimore - Washington area and beyond
                          www.gma-cpa.com

                          Comment


                          • #14
                            Re: local policy of this system doesn't permit you to logon interactively

                            I'm not sure i understand what you mean.

                            Are you logging on as an administrator when you are making these changes??

                            Did you double click the Logon Locally option to get the properties box??

                            You then need to press the button and add your users from there.
                            Attached Files

                            Comment


                            • #15
                              Re: local policy of this system doesn't permit you to logon interactively

                              A little confused on what you mean. Could you clarify?

                              Mike


                              Opps didnt see that second post
                              Last edited by mz91184; 11th December 2006, 22:28. Reason: change

                              Comment

                              Working...
                              X