Non-Domain Users Cannot Log On Locally or Interactively to Domain Members (276580)
The information in this article applies to:
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Professional SP1
This article was previously published under Q276580 SYMPTOMS
On a Windows 2000-based domain member, when you try to log on as a local administrator or as any other local user, you may not be able to log on and you may receive the following error message:
The Local policy of this system does not permit you to log on interactively.
Logging on as a domain user or a domain administrator works correctly.
CAUSE
This behavior can occur for any of the following reasons:
- A Group Policy object (GPO) is configured with the "Log on Locally" policy at the domain, site, or organizational unit level. The policy has the Domain Users group or groups with only domain users defined, but does not have the Everyone special group defined.
- The local policy on the member computer has the same GPO defined with the Domain Users group or groups with only domain users defined, but does not have the Everyone special group defined.
RESOLUTION
In the policy that is defined at the domain, site, or organizational unit level, add the Everyone group to the list of users and groups that are defined in the "Log on Locally" policy, or change the "Log on Locally" policy to "Not configured."
| Modification Type: | Major | Last Reviewed: | 11/20/2003 |
|---|
| Keywords: | kbGPO kbprb KB276580 |
|---|
|