You can view this right by opening the StartProgramsAdministrative ToolsLocal Security Policy (another location...
for Administrative Tools is control panel). Open the Local PoliciesUser Rights container and view "Logon Locally" to see how your system is set (interactive logon = logon locally). The setting can be modified here or through Group Policy. If Group Policy at the domain or OU level is applied, local settings may not matter. Look in the Local Security Policy location for the "effective settings" column. This is the setting that is effective for this machine.
While you are there, view the "Deny logon locally" user right, as individual user accounts or groups may be singled out to prevent access even though the Logon Locally right would seem to give them that ability.
In your situation, it may be that groups other than Administrators have been removed from the "Logon Locally" right, or added to the "Deny logon locally" right. To provide them the ability to logon interactively, you'll have to either remove their group from "deny logon locally" or add it to "Logon Locally." However, if these settings originate from a Group Policy applied at the domain or OU level, the policy must be changed at that level, not at the local level, and you will need appropriate permissions to do so.
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.