"The local policy of this system does not permit you to logon interactively" error message when you log on to your Windows 2000-based computer (826903)


The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Professional

SYMPTOMS

On a Microsoft Windows 2000-based computer, when you try to log on locally or try to log on to the domain, you receive the following error message:
The local policy of this system does not permit you to logon interactively.
If you try to log on to the domain as a domain administrator, you receive the following error message:
The system cannot log you on to this domain because the system's machine account in its primary domain is missing or the password on that account is incorrect.
If you use the Netdom.exe utility to reset the security channel to the domain controller, you receive the following error message:
The trust relationship between this workstation and the primary domain failed.
If you use the Nltest.exe utility to test the security channel to the domain controller, you receive the following error message:
Access denied.

RESOLUTION

To resolve this issue, follow these steps:
  1. Restart the Windows 2000-based computer, and then run the Recovery Console.
  2. From the Recovery Console, type copy c:\winnt\repair\security c:\winnt\system32\config\security at the command prompt, and then press ENTER.
  3. At the command prompt, type exit, and then press ENTER to exit the Recovery Console and to restart the computer.
  4. Log on locally to the computer.
  5. Remove the computer from the domain, and then restart the computer.

    To do this, follow these steps:
    1. On your desktop, right-click My Computer, and then click Properties.
    2. Click the Network Identification tab, and then click Properties.
    3. Under Member of, click Workgroup. Type the name of a workgroup, and then click OK two times.
    4. Restart your computer.
  6. In the Active Directory Users and Computers snap-in, delete the computer account. Wait for the deletion to replicate to all the domain controllers.
  7. Rejoin the computer to the domain, and then restart the computer.

    To do this, follow these steps:
    1. On your desktop, right-click My Computer, and then click Properties.
    2. On the Network Identification tab, click Properties.
    3. Under Member of, click Domain. Type the name of the domain that you want to join, and then click OK. You are prompted to provide a user name and password to join the computer to the domain.
    4. Type the name and the password of an account that has permissions to join the computer to the domain, and then click OK two times.
    5. Restart your computer.
Modification Type:MajorLast Reviewed:9/1/2006
Keywords:kberrmsg kbprb KB826903 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.