Make payments with PayPal - it's fast, free and secure!

Err Msg: The Local Policy of This System Does Not Permit You to Logon Interactively

The information in this article applies to:

bullet Microsoft Windows NT Workstation versions 3.5, 3.51, 4.0
bullet Microsoft Windows NT Server versions 3.5, 3.51, 4.0

SYMPTOMS

After you have set up Windows NT, joined a domain, and restarted, you attempt to log on locally. The following error message appears:

The local policy of this system does not permit you to logon interactively

CAUSE

This error occurs because the domain user (s) does not have local logon rights to the computer while connected to the domain.

NOTE: If TCP/IP is installed on the computer, another indication that the domain user does not have local logon rights is that entering the ipconfig /release command from a command prompt on the computer results in the following error message:

Access Denied

RESOLUTION (For 2 or more TRUSTED domains)

To correct this problem and provide local access when connected to the domain, do the following:

  1. Log off the current domain and log on to the local computer using an account with administrative rights.
  2. For multiple domains, create a local group and include all users from the local domain as well as global trusted domains. Give this group the "Log on locally" right. Repeat in each domain you wish to allow users to logon locally to the domain server. Follow steps 3 to 10 and repeat as needed.
  3. Go to the Administrative Tools group, select User Manager. Click on the User tab and select New Local Group...
    Enter the Group Name such as Domain Access and Description if desired.
  4. Click the Add... or Remove button as desired.
  5. Select the user (s) or group (s) to be added or removed.
  6. Click the OK button when finished
  7. Click the Policies tab, and select User Rights.
  8. In the Right: box, select the Log on locally option.
  9. Next to the Grant To: box, click Add... or Remove as desired. Select the user (s) or group (s) to be added or removed.
  10. Click the OK button.
  11. Close the User Manager.
  12. Log off and back on. At the Welcome dialog box, select the domain and log on. You now have local logon access rights. Be sure to select the domain you wish to login to.
 

Bonus Tip: To use hidden shares on another domain from your current domain (Windows NT Workstation and Windows NT Server), use the following syntax:

\\server\sharename (such as \\computer\c$)

When it pops up the dialog box as shown below:

Connect As: Password Dialog Box Access a 2nd Domain From a 1st Domain

Simply use the name of the new computer such as server1\username in the Connect As: box, then input the corresponding password, then click OK

This information came from q152478

Return to previous menu