new windows 2000 users cannot login locally

From: Terry Carter (
Date: 09/25/02

From: (Terry Carter)
Date: 25 Sep 2002 10:53:26 -0700

Here's the issue.

We have several windows 2000 servers across several offices that all
work on a single domain (Through VPN) we have 5 domain controllers
(Active Dir) and several domain member servers.

Here's the problem:

When we create new user accounts you cannot log into workstations
because of the local policy doesn't allow them to login locally. I've
added the users to the login locally part of the policy without
success. The only answer I found was to add the user to the
administrators group.

Second when installing services on non domain controllers it will add
the login user to the run as services group and all is fine. However
if I restart the machine the services will not start because it says
that user cannot login locally. If you goto the servers manager and
resave the user info it again adds the user to the run as a service
group and all is good until we reboot.

This services problem is big because we have users with programs such
as oracle on their workstations that will not start after a reboot
without reseting the user info in the services manager.