Ask the Expert

Receiving "Local policy prevents interactive logon" from Win2k clients

On my Win2000 clients, I can log on with administrative privileges locally or to the domain. However, with any other user account I receive the message "Local policy prevents interactive logon." How do I fix it?
Interactive logon permission is a logon right that normally would be set to allow logon by Users, Power Users, Administrators, Backup Operators and the local guest account. Domain accounts get their permission because Domain Users is normally a member of Users, and Domain Admins is normally a member of the local Administrators group.

You can view this right by opening the StartProgramsAdministrative ToolsLocal Security Policy (another location for Administrative Tools is control panel). Open the Local PoliciesUser Rights container and view "Logon Locally" to see how your system is set (interactive logon = logon locally). The setting can be modified here or through Group Policy. If Group Policy at the domain or OU level is applied, local settings may not matter. Look in the Local Security Policy location for the "effective settings" column. This is the setting that is effective for this machine.

While you are there, view the "Deny logon locally" user right, as individual user accounts or groups may be singled out to prevent access even though the Logon Locally right would seem to give them that ability.

In your situation, it may be that groups other than Administrators have been removed from the "Logon Locally" right, or added to the "Deny logon locally" right. To provide them the ability to logon interactively, you'll have to either remove their group from "deny logon locally" or add it to "Logon Locally." However, if these settings originate from a Group Policy applied at the domain or OU level, the policy must be changed at that level, not at the local level, and you will need appropriate permissions to do so.

This was first published in September 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: