lost right to logon interactively

[Sandy]

this afternoon I logged off a domain controller on the
parent domain. The account is Administrator.
I tried to log back on and I got 'The local policy of this
system does not permit you to log on interactively'
message. This is THE administrator account for the parent
domain. I have no idea what happened. Other accounts can
log on to the parent domain servers, including the admins
for the child domains and my personal account (enterprise
admin).
This is on every server in the domain. The administrator
for the parent domain gets the same message.
Help! How do I restore this, what could have possibly been
changed? I did nothing today except uninstall an eval
edition of SMS on one of the parent domain controllers.

thanks!
Sandy

 

[ALEX]

Hi sandy
i have axactly the same problem.
do you have the solution?
thanks
alex

 

[Steven L Umbach]

Somewhere the user rights assignments for logon locally or deny logon locally are
causing this. If it is just domain controllers, then I would suspect at the Domain
Controller Security policy level, otherwise it may be at the OU level where servers
are located. You need to check those two rights. Deny logon locally overrides entries
in logon locally. If you can not log onto a domain controller interactively with an
account with administrator rights for the domain, then try installing Adminpak [on
install cd in I386] on a domain member computer which will allow you to manage
Group/Security policy remotely as long as you can log onto that computer as a user
that has administrator powers in the domain. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;216999