Re: Locked out of W2K

From: Karl Levinson [x y] MVP (levinson_k@excite.com)
Date: 10/24/02 

From: "Karl Levinson [x y] MVP" <levinson_k@excite.com>
Date: Thu, 24 Oct 2002 12:23:14 -0400

"Matt Simms" <nospammatt.simms@signpost-group.co.uk> wrote in message
news:eE7fP22eCHA.1008@tkmsftngp10...
> Dear All,
>
> I have a machine (infact I'll bite the bullet and admit it's my machine -
> not a users machine). I applied a local security policy restricting logon
to
> the machine to everyone - to test whether it worked. It did - but now I
> can't get back in - I get the much mentioned "Local Policy does not permit
> you to logon interactively".
>
> Having read some of the articles on here - I decided to try the ntrights
> command - which everytime I run:
>
> NTRights -u Everyone -m \\YBSK0060862355 -r SeDenyInteractiveLogonRight
>
> I get error message: ***Error*** OpenPolicy -1073741790
>
> Which I think relates to not being able to access the afore mentioned
> machine - as whenever I try to connect to the administrative shares now -
I
> get the error message:
>
> System error 1385 has occurred.
>
> Logon failure: the user has not been granted the requested logon type
> at this computer.
>
> So I'm really scuppered - anyone got any brain waves before I scrap it and
> rebuild it.

Bless you for searching the newsgroup before posting. It's so refreshing
when someone does this.

Assuming this is in the local policy and not domain policy, you could try
the tip below:

www.jsifaq.com/SUBG/TIP3300/rh3361.htm

OR, manually renaming the SAM files at C:\WINNT\SYSTEM32\CONFIG\SAM and
C:\WINNT\REPAIR\SAM might also fix this problem [and would also delete all
other local accounts which you had created on your computer, and reset the
Administrator password to be blank].

This can be done by booting from a DOS or Windows 9x boot floppy [though if
your hard drive is formatted in NTFS format, you can't rename files this way
unless you purchase NTFSDOS Pro from www.winternals.com ]. You can also
rename the SAM files by moving the hard drive from the computer to another
Windows 2000/XP/NT computer, or by installing a second copy of Windows
2000/XP/NT to a different folder on the computer.

[Thanks to Raymond Sinnappan, Sandi Hardmeier and others]

Relevant Pages

  • Re: Remote Desktop Connection installation
    ... target=_self name="The local policy of this system does not permit you to logon interactively.">"The local policy of this system does not permit you to logon ... because the W2K domain controller running Terminal Services does not have the Users, Authenticated Users, or Everyone global group added to the Group Policy Object for the "Log on Locally" user right. ... "Log on Locally" is a required user right in Microsoft Windows NT 4.0, Terminal Server Edition and Windows 2000 ...
    (microsoft.public.windowsxp.work_remotely)
  • Re: XP Login
    ... If you have access to the affected computer via a LAN connection, from a Windows XP or Windows 2000 machine: ... Once you've determined the correct SID for your user account, right click the appropriate subkey and select Export. ... I> get the message "The Local Policy of This System Does Not> Permit You to Logon Interactively". ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Problem with logon
    ... You receive the 'The local policy of this system does not permit you to logon interactively'? ... Microsoft MVP ... Get Windows XP Service Pack 2 with Advanced Security Technologies: ...
    (microsoft.public.windowsxp.help_and_support)
  • RE: The local policy of this system does not permit you to logon interactively
    ... "The local policy of this system does not ... permit you to logon interactively". ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • Re: Cannot logon to server
    ... You try to logon the server, you get "The local policy does not permit ... Double-click the Local Policy branch to expand it, ...
    (microsoft.public.windows.server.sbs)