Local policy do not permit log on interactively

From: Bo Dömstedt (bo.doemstedt@mbox200.swipnet.se)
Date: 05/29/02 

From: bo.doemstedt@mbox200.swipnet.se (Bo Dömstedt)
Date: Wed, 29 May 2002 21:40:17 GMT

We have a stand-alone Windows2000 machine for CAD/CAM work
and scientific calculations. We had a driver compatibility problem,
and could not fix this in the registry, as there was a "rights"
problem.

We then tried to increase the "rights". I included most "rights" to
the "Administrator" group, including the right to "Deny Logon Locally"
SetDenyInteractiveLogonRight.
Big mistake!!

This "right", that was assigned to "Administrators", locked us
out from the computer completely. Repair disks or repair methods,
on the Win2k install disk, did not help any. The system even support
this protection when using the "Recovery Console". The computer do
not have a working network card installed.

We installed a second version of Win2k on the machine, and this works
fine. Our problem is not the data files, but that this particular
computer have a very complex installation with several
"registry codes" to the hardware locks to the CAD/CAM software.

It will take many days repairing the installation, as any change to
the system will render all the install codes invalid. Reinstalling
(downtime) will cost us more than buying the computer off the shelf.

Microsoft say:
This behavior is by design.

>From the second install we have been able to load the registry files
of the first installation into the regedt32 registry editor. We are,
however, prevented from seeing all the information in these files.
The regedt32 will not load these files when they have their
original filename. This evidently show that the registry editors have
a second layer of protection, and that they cannot be used to edit
these special system registry files.

We have tried to load unbroken registry files from the second install
into the first. Finally we managed to start the second install by
booting on the first! But we cannot recover the delicate install
this way.

Support the Linux Community !!

Bo Dömstedt
Chief Cryptographer
Protego Information AB
Ideon Gamma Science Park
SWEDEN
http://www.protego.se/encrypt.htm

Relevant Pages

  • Re: Error opening & saving attachments in OE6
    ... I fully understand the time difference. ... Yes, it should, done properly...but you'd have to uninstall SP3 before you'd be able to uninstall IE7. ... Afterwards, of course, you'd need to install SP3 again and then all critical security updates released since June 2008. ... Registry Mechanic; RegistryProt 2.0) may have caused the ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
  • Re: Error opening & saving attachments in OE6
    ... present up-to-date IE7 proceed smoothly? ... to install SP3 again and then all critical security updates released since ... After that, plenty of missing ... Registry Mechanic; RegistryProt 2.0) may have caused the ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
  • Re: UNINSTALL WMP 10 TOTALLY
    ... It may be for several install attempts. ... Setup version 10.00.00.3802.] ... Adding dependency type 'Definition' to registry. ... SUCCESS: Package 'Windows Media Player'. ...
    (microsoft.public.windowsmedia.player)
  • Local policy do not permit log on interactively
    ... "registry codes" to the hardware locks to the CAD/CAM software. ... the system will render all the install codes invalid. ... >From the second install we have been able to load the registry files ... We have tried to load unbroken registry files from the second install ...
    (comp.os.ms-windows.nt.admin.security)
  • Re: Error opening & saving attachments in OE6
    ... Registry Mechanic; RegistryProt 2.0) may have caused the ... you're looking at a Repair Install or a format & clean ... Don't worry about iecont.dll and iecontlc.dll being missing with IE7 ... folders created for this purpose. ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)