Question : "The local policy of this system does not permit you to logon interactively"

Hello.

Issue: User cannot login to the domain, through a client, because of the "The local policy of this system does not permit you to logon interactively", error.

Setup:
Server: Windows Server 2003 SP2 (Not R2) - DNS, DHCP, File Server, DC all working correctly.
Client: Windows XP - virtual client using Virtual PC.

Now the user in question has been added to the Remote Desktop group. The OU, for the user, has GPO's of setup of;

Allow log on locally (the user has been added, as well as the remote desktop group)
Allow log on through terminal services, again the remote desktop user group, and user name has been added.

On the users profile, the Deny this user permission to log on to any Terminal Sever, is not checked.

Now, if I go an add the user, manually on the XP client - that is to say I login as the network administrator, and add the user - entering user name + domain name, then the user can login to the domain via that client.

So, the issue here is why can a user not connect to the domain, unless he's been added manually to the client, with his domain credential. This rules out domain issues, and must be because of some policy. Its strange that once the user has been added, manually, to the local machine he can logon just fine.

If I have to manually add each user to a specific machine, defeats the purpose of having a DC, as you know. But, I'm not adding the user locally, I'm actually adding the domain credentials of the user.

Any ideas.
Thanks.

Answer : "The local policy of this system does not permit you to logon interactively"

Hi again,
I'm a bit confused now.
Do you want to exclude reporting on userids which has been su'ed to?
In this case your report is indeed fine.
The "time_last_login" value of a user doesn't reflect su'ing to that user. Successful use of su resets the "unsuccessful_login_count" attribute only if the user's rlogin and login attributes are both set to false.
Of course the last login time of the user who issued "su" is recorded.
If you want to report on "su" use you will have to examine /var/adm/sulog. The drawback with that file is that the date is contained in mm/dd hh:mm format - that's not seconds since epoch, and there is no year!
Anyway - your script is a real nice thing - I can't see anything wrong with it!
wmp

Random Solutions

windows 7 home password policy

Does this HP ML370 G3 server support 64-bit OS?

A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the Forefront TMG computer

Video Chat Capabilities

WHat is the recommended size for the swapfile for my SQL Server ?

3d barcodes (q-codes)

Fill Combo Box Method

prstat vs top command

Exchange 2010 on Windows Server Enterprise 2008 SP2 Locking Up

Modifing the configuration of a PIX 515 with Fail-over license