# Solved: "local policy does not allow you to login interactively"



## Speakersrock (Dec 16, 2006)

Hi,

I have set up a server-based domain network using Windows 2000 advanced server, and windows xp pro as the clients.

I have now got another problem with it!!-

I seam to be getting the following message on all new accounts I make (by the way I use roaming profiles, and the Home Directory), It also has started randomly happing on existing accounts. I have had a couple of people just today saying that they are getting this message. However others, including myself can still log on.


"local policy does not allow you to login interactively"

Does anyone have any ideas on what it means, and how i can solve it - Because I am stumped!  

Many thanks


----------



## Couriant (Mar 26, 2002)

i think it means there is a local policy that is not allowing the user to log on the local machine.

it's been a while since i have used server 2000. Check your Local Policies, and also your Group Policies.


----------



## Couriant (Mar 26, 2002)

OK

Check your Group Policies (local and domain). Look at Local Computer Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Deny Logon Locally.


----------



## Speakersrock (Dec 16, 2006)

Hi there, Thanks for responce.

I have looked where you said, In Domain Group Polices, nothing is defined. But in local group policies, there were typ things defined. I uncheck what I could. However I could not uncheck the box for 'ASPNET' under the heading 'Efective Policy Setting.'

I will go and try to see if this has made any difference, and post back again in a few mins.


Many thanks.


----------



## Couriant (Mar 26, 2002)

http://support.microsoft.com/kb/276590/en-us may help


----------



## Speakersrock (Dec 16, 2006)

nope it is still saying that messge!
any other ideas? and do you think that checkbox, that i could'nt uncheck is important?

Thanks


----------



## Speakersrock (Dec 16, 2006)

o thank you..sorry i missed the link above! I need to be way more observant! Will go take a look!


----------



## Memnoch322 (May 11, 2005)

Computer Configuration>Windows Settings>Security Settings>Local Policies>User Rights Assignments>Allow logon locally


Add the users, user groups that you want to be able to logon to the machines here.

You can do this from the default domain policy, or for the bigger more complex setup create OU's for each department at work and link a GPO there and lock down stations depending on your group membership.


----------



## Speakersrock (Dec 16, 2006)

humm thanks all so far!, But still no luck!

Memnoch322, I followed what you sugested (domain policy) but only found that you could define it for deny, not allow. So in desperiate hope, I denied two affected users, and tried to log in (no luck) and then re-lallowed them again. (Still can't log in)

Any other ideas lol?
Oh and I tryed the link that was kindly sted above, found the tool I need but it looks like I do not have enough permission to preform the command! (you may need to see here http://forums.techguy.org:80/windows-nt-2000-xp/619441-member.html )

also, so you think there is any program or something which could just reset all the syetem polices, gsort me out of this trouble, then I could start again?

Many thanks :up:


----------



## Memnoch322 (May 11, 2005)

???? I am looking at it right now.

Alow logon locally.


----------



## Memnoch322 (May 11, 2005)

I always have trouble ataching files!!


----------



## Speakersrock (Dec 16, 2006)

Hi there, Many thanks all, This is now working. And thanks for the screenshot Memnoch322, I was in the wrong place!!


----------



## Speakersrock (Dec 16, 2006)

Now all thats left is my problem on the thread here! http://forums.techguy.org:80/windows-nt-2000-xp/619441-member.html


----------

