Local Policy of This System Does Not Permit You to Logon Interactively error when try to logon to xp

[gary]

I have a user who came in this morning and tried to login to two different
XP PCs and both gave that error.

he was trying to login to the domain, not local on the PC
I was able to login to the PC just fine. I even added his user account to
the PC, no effect.

I had him login to a windows 98 PC and that worked fine, so he can check his
email.

what the heck is going on here?

he was able to login yesterday to these same XP PCs, his account is not
locked out, he is trying to login to the domain on XP Professional, but just
starting today he gets this error "the policy of the system does not permit
you to login interactively"

 

[Guest]

You receive the 'The local policy of this system does not permit you to logon
interactively'?
http://www.jsifaq.com/SUBP/tip7500/rh7579.htm

 

[gary]

okay, NOW I am getting if from all kinds of people.

I dont see any errors on my domain controllers, but I am going to try to
reboot and see if that works.

what is happening?

gary

 

[Althorson]

After you login, from the control panel select Administrative tools>local
security policy. From there drill down to Local Policy>User Rights
Assignments. On the right hand side there are several things to check. Deny
Logon locally, to see if his name is listed, remove it if it is. Log on
Locally, to see if his name is there, add it if it is not.

 

[gary]

yesterday I was trying to get arcserve to send email alerts on my windows
2000 PDC, and they had me go into account properties for the arcserve
account and chage the Primary Group from Domain Users to Domain Admins.
and I had to go into domain controller security policy, local polices, user
rights assignements give the arcserve account the rights to act as part of
operating system, log on locally, and log on a service.

now when I look at a PC that gets this error I see the arcsere account has
log on locally and log on as service rights on this particular PC.

is this my issue?

gary

 

[gary]

let me say again, I hate arcserve.

I followed their instructions to give the arcserve user account the rights
to act as part of OS, logon locally, logon as service yesterday evening.
Arcserve recommended doing this to create an arcserve system account so that
I could have it email me the status of the backup job on the windows 2000
server.

this morning I had the error message about logging on interactively on
several computers.

I went back in and removed those rights from the arcserve account and guess
what? after doing a group policy update they could login again.

of course now I wont get the emails from arcserve on my backup jobs.

is one of these rights a no-no, or all of them?

I cant believe that following info from arcserve website on how to create an
arcserve system account under windows 2000 would cause me a problem like
this.

oh well, live and learn.

gary

 

[Kurt]

That one gets a lot of us! You can add the local policy "log on
interactively" as log as you add the users and/or groups that you want to
allow. If you don't, you've effectively denied everyone that right!

....kurt