Error Message: The Local Policy of This System Does Not Permit You to Logon Interactively (285793)

RESOLUTION

To resolve this issue, create an organizational unit for computers that you want to exclude from the "Deny logon locally" policy, and then grant the "Log on locally" policy to individual users or groups in the organizational unit:

1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
2. Right-click the domain name, point to New, and then click Organizational Unit.
3. Type the name of the new Organizational Unit, and then click OK. For example, you might type MyTestOU.
4. Put the computers to which you want to grant the Logon Locally right in the Organizational Unit that you created in step 3:
   1. Click the container that contains the computer or computers that you want to move.
   2. Select the computers, right-click the computers, and then click Move.
   3. In the Move dialog box, click the organizational unit that you created in step 3, and then click OK.
5. Right-click the organizational unit, and then click Properties.
6. Click the Group Policy tab, click New, type the Group Policy Object name, and then click Edit.
7. Under Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then click User Rights Assignment.
8. In the right pane of the Group Policy dialog box, right-click Log on locally, and then click Security.
9. Click to select the Define these policy settings check box, click Add, and then click Browse.
10. Click those users to whom you want to grant the "Log on locally" policy, click Add, and then click OK two times. To select multiple users or groups, press and hold the CTRL key down, and then click individual objects.
11. Click OK to close the Security Policy Setting dialog box.