R
Rich Roller
(I posted this also on the MS partner newsgroups but since this one is public
I'm interested to see what peers might have to say...)
Window XP Pro SP2 client connecting to Windows Server 2003 domain:
All of a sudden, when trying to logon certain users from XP machine I now get
"The local policy of this system does not permit you to logon interactively".
But only certain users have problem. Users who are Domain Admins
do NOT have problem, and a pre-existing user who already had local
profile on XP (for domain) does NOT have problem.
It seems to me that problem is on the server side (in AD) because if I put
one of the problem users into the Domain Admins group they can logon OK. If I
take them out of this group I get the error again.
On the server, I looked at the user rights "Access this computer from network",
"Allow logon locally" and "Deny logon locally". None of these seemed to have
any entries which would cause problem. Default Domain Controllers Policy is
where policy is generally set for my domain.
I've got auditing turned on (success and failure) for "audit account logon
events" and "audit logon events" and the security log does not show any
failures, just successful 672 & 673 events. I tried rebooting the DC.
I also looked at Local Security Policy on XP but didn't see anything. But a
part of me wonders if it's on the client (XP) side. I have recently been doing
some local profile migrating/renaming testing, but that doesn't seem like it
would've caused my problem. Especially since when I create a brand new user
and try to logon to XP for the very first time (no prior profile) I still get
error.
Hmm...
What could be causing this error? What should I focus on? (server or client)
Why is it only affecting new users or non-admin users?
Thanks for any help/ideas!
-Rich
I'm interested to see what peers might have to say...)
Window XP Pro SP2 client connecting to Windows Server 2003 domain:
All of a sudden, when trying to logon certain users from XP machine I now get
"The local policy of this system does not permit you to logon interactively".
But only certain users have problem. Users who are Domain Admins
do NOT have problem, and a pre-existing user who already had local
profile on XP (for domain) does NOT have problem.
It seems to me that problem is on the server side (in AD) because if I put
one of the problem users into the Domain Admins group they can logon OK. If I
take them out of this group I get the error again.
On the server, I looked at the user rights "Access this computer from network",
"Allow logon locally" and "Deny logon locally". None of these seemed to have
any entries which would cause problem. Default Domain Controllers Policy is
where policy is generally set for my domain.
I've got auditing turned on (success and failure) for "audit account logon
events" and "audit logon events" and the security log does not show any
failures, just successful 672 & 673 events. I tried rebooting the DC.
I also looked at Local Security Policy on XP but didn't see anything. But a
part of me wonders if it's on the client (XP) side. I have recently been doing
some local profile migrating/renaming testing, but that doesn't seem like it
would've caused my problem. Especially since when I create a brand new user
and try to logon to XP for the very first time (no prior profile) I still get
error.
Hmm...
What could be causing this error? What should I focus on? (server or client)
Why is it only affecting new users or non-admin users?
Thanks for any help/ideas!
-Rich