Home / the local policy of this system logon interactively The local policy of this system logon interactively 07/04/2021 Today 2 home windows xp workstations (I recognize...I know) on our doprimary won"t permit the user to login. Tbelow isn"t a password error however a message that claims "Local plan does not permit you to log on interactively"The domajor controller for these dinosaurs is via Windows 2000.You watching: The local policy of this system logon interactivelyI"ve found a bunch of stuff on google that talks about the local protection plan which I"ve tweaked but to no avail. What"s weird is that I have the right to login with the local administrator. And I can login via a domajor admin account. I tried taking the computer off the domain, and also then joining it aget too. But that didn"t work-related. Best Answer JalapenoOP Mike Keighley This perchild is a showed experienced. Verify your account to enable IT peers to check out that you are a skilled. Sep 25, 2014 at 15:13 UTC Go_Devils42 wrote:And I deserve to login with a domain admin account. I tried taking the computer system off the domain, and also then joining it again too. But that didn"t work-related.Yes, that is the usual one in my experience: the machine account password gets out of sync via the DC. Usually though, that breaks domain-admin login and also domain-user login and also needs regional admin in order to leave/re-join the domain. So, maybe not in this case...The cramelted doprimary controller sounds choose a suspicious coincidence ! Have you run dcdiag given that it came earlier up ? Also repadmin /showrepl (assuming you have actually more than one DC ?)Also inspect the workstations for any kind of event log entries which might imply challenge talking to the DC (any kind of DC, not just the one you think they are authenticating against) View this "Best Answer" in the replies listed below » 12 Replies · · · SerranoOP rtash32785 Sep 24, 2014 at 21:07 UTC Just making sure what the issue is - did you check ? http://assistance.microsoft.com/kb/289289 2 · · · Ghold ChiliOP Sid Phiilips Sep 24, 2014 at 21:10 UTC My guess is something is up via the prorecords. You said it"s random, what execute you carry out, simply save rebooting until it let"s you in? 1 · · · JalapenoOP Go_Devils42 Sep 24, 2014 at 21:27 UTC rtash - tried that and no luck sadlytrel - I misoffered the word random. Just expected that there were 4 workstations in this area through the exact same GPO. They"ve been offered daily for months through no problems.It actually never before permits the user that demands accessibility in. It only permits regional administrator or the domain administrator access.Now... here"s the kicker. The DC that runs ADs for these XP machines shed its power throughout an outage last night once the UPS ran out of juice. I"ve rebooted the DC. I"ve done device restores on the two workstations yet to no avail.Any further thoughts? 0 · · · Gorganize ChiliOP Sid Phiilips Sep 24, 2014 at 21:33 UTC You said you can login using the domajor admin account, include an additional user from the domajor (one that has never before been on this machine) and also check out if it will login effectively. 1 · · ·Pure CapsaicinOP DragonsRule This person is a proved experienced. Verify your account to allow IT peers to view that you are a skilled. Sep 24, 2014 at 21:45 UTC Active Directory & GPO expert 150 Best Answers 142 Helpful Votes Do you have actually any type of GPOs with Deny Logon Locally? Maybe the customers in question have actually that applied? 0 · · ·· · ·JalapenoOP Go_Devils42 Sep 24, 2014 at 21:53 UTC I guess my question is why would certainly this have actually changed? That was the random statement. Our GPO is the very same for all workstations. And we have no difficulties via any type of other makers.See more: How To Bypass Factory Reset Protection ( Frp Bypass Note 5, Frp Bypass Galaxy Note 5 Android 7Will attempt logging in with one more non-admin user though. Great idea 0 · · ·Thai PepperOP RobT64 This perkid is a showed skilled. Verify your account to permit IT peers to view that you are a expert. Sep 25, 2014 at 00:36 UTC Some protection upday that was applied and also never rebooted after maybe? As a test perhaps add domain customers to the neighborhood administrators group and also watch if they have the right to log in then. That will tell you if it"s a neighborhood plan point.RobT. 3 · · ·SerranoOP Steve Consolini Sep 25, 2014 at 02:18 UTC You can try to run RSOP against among the offfinishing equipments to see which GP is leading to the worry. 0 · · ·JalapenoOP Matthew666 Sep 25, 2014 at 05:54 UTC Try checking the neighborhood plan of the COMPUTER by making use of gpmodify.mscCheck that the protection team Users is detailed under Computer Configuration -> Windows Settings -> Security Setups -> Local Policies -> User Right Assignments -> Allow log on locallyMake certain that user account that is having trouble is also a member of the Users team. 1 · · ·JalapenoOPBest Answer Mike Keighley This perchild is a showed professional. Verify your account to enable IT peers to watch that you are a experienced. Sep 25, 2014 at 15:13 UTC Go_Devils42 wrote:And I deserve to login with a doprimary admin account. I tried taking the computer off the domain, and then joining it again too. But that didn"t job-related.Yes, that is the usual one in my experience: the machine account password gets out of sync with the DC. Usually though, that breaks domain-admin login as well as domain-user login and demands regional admin in order to leave/re-join the domain. So, maybe not in this situation...The crashed doprimary controller sounds favor a suspicious coincidence ! Have you run dcdiag considering that it came back up ? Also repadmin /showrepl (assuming you have actually even more than one DC ?)Also check the workstations for any type of event log entries which can indicate obstacle talking to the DC (any DC, not just the one you think they are authenticating against) 1 · · ·PimientoOP phuongle2 Sep 25, 2014 at 20:38 UTC Not sure if you tried this but I would certainly dis-sign up with and delete the computer system object in AD and then re-resign up with.See more: Called A Phone But Got User Busy Iphone Meaning, What Does User Busy Mean 0 · · ·JalapenoOP Go_Devils42 Sep 26, 2014 at 18:46 UTC So basically somehow the workstations gained kicked out of the group they were in and required to be re-included in order for their particular login to work-related per the team plan. This is the watered dvery own variation of what occurred, but I appreciate all the help and currently understand way even more than I had prior to functioning on this.But that"s the great part of the jiyuushikan.org right? What does not make you pull your hair out makes you more practical of an ascollection. Or something... :) 2 This topic has been locked by an administrator and also is no longer open for commenting.