Error Message: The Local Policy of This System Does Not Permit You to Log on Interactively (276590)
The information in this article applies to:
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Datacenter Server
This article was previously published under Q276590 SYMPTOMS
When you add a group, such as, Domain Users, Everyone, or Authenticated Users, to the "Deny Logon Locally" user right, users that are members of those groups can no longer log on to certain computers. When a user tries to log on to the computer, the user may receive the following error message:
The Local policy of this system does not permit you to log on interactively.
The administrator of your system may find this behavior to be unexpected.
CAUSE
This behavior may occur because the user (such as, the administrator, who is a member of a group that has been explicitly granted the "Logon Locally" user right) may also be a member of the preceding groups. Any of the preceding groups may deny users access to the computer in which case a policy that sets the denial of user rights takes precedence over a policy that enables user rights.
RESOLUTION
To work around this behavior, you can access the computer that is denying a user access by means of an administrative account situated on another client. Then you can use the Ntrights.exe program from the Microsoft Windows 2000 Resource Kit to remove the user from the "Deny Logon Locally" user right.
To perform this procedure, use the following (case-sensitive) syntax:
ntrights -m \\computer -u group or user to remove -r
SeDenyInteractiveLogonRight
STATUS
This behavior is by design.
| Modification Type: | Minor | Last Reviewed: | 1/26/2006 |
|---|
| Keywords: | kberrmsg kbprb KB276590 |
|---|
|