Re: administrator unable to logon interactively

From: Karl Levinson [x y] MVP (jamescagney90210@excite.com)
Date: 10/19/02 

From: "Karl Levinson [x y] MVP" <jamescagney90210@excite.com>
Date: Sat, 19 Oct 2002 10:41:46 -0400

there are a number of fixes at www.jsifaq.com [and
www.microsoft.com/support ] if
you search for the error message or for NTRIGHTS. One of the fixes
mentioned using NTRIGHTS from the Windows resource kit [which is not free].
Another mentioned replacing the secedit databases. It seems deleting the
SAM files
might be another fix [though I understand there's no SAM file on Windows
2000 controllers]. I don't know which of these if any will work on a
Windows 2000 domain controller. Couldn't you also try changing the domain
controllers Group Policy from another computer and waiting 90 minutes or so
for the setting to be refreshed on the domain controllers?

When trying the first fix, note that the deny interactive logon permission
takes precedence, so that if the Administrator is in a group like Everyone
where the deny interactive logon setting is set, adding the user or group to
the allow interactive logon list will not work. Instead, you'd also need to
determine which group was denied permission and remove that group from the
deny list.

If any of this works, please let us know [or let me know].

"praks25" <praks25@aol.com> wrote in message
news:748001c27700$a0dfebd0$3bef2ecf@TKMSFTNGXA10...
> A member of the administrators group accidentally removed
> the "administrators" group from rights to logon
> interactively in the "domain controller policy settings"
> at the domain controller. this was immediately replicated
> to the secondary domain controller and no one in the
> administrators group including the administrator can logon
> to the primary domain controller or the secondary domain
> controller.
> the message received at logon attempts is this
> " the group policy of this system does not allow you to
> logon interactively"
> Is there anyway to fix this problem?
> Since the administrator cannot logon interactively the
> domain cannot be administered.
> any help would be appreciated
> thank You
> praks25

Relevant Pages

  • Re: Administrator unable to log on Interactively
    ... Firstly i tried accessing the domain controller C drive ... I think the policy has been changed in the "local security ... >> administrator is not able to log on interactively. ... >Interactive Logon setting takes precedence over the Allow ...
    (microsoft.public.win2000.security)
  • Re: create support admin user
    ... configuring the "logon locally" user right in Domain Controller Security ... being an administrator but you can test that out to see if it suits your ... I would like to give a support user the ability ...
    (microsoft.public.win2000.security)
  • Administrator unable to log on Interactively
    ... administrator is not able to log on interactively. ... on to the primary domain controller. ... one of the computers in the domain after I logged in as ... "Logon failure: The user has not been granted the ...
    (microsoft.public.win2000.security)
  • Re: Urgent Policy question
    ... Well the solutions I listed should work for you if you can not logon to ... >> able to logon to a domain controller locally unless you changed both ... >> and Domain Controller Security Policy. ... >> administrator or entering domain administrator credentials when you try ...
    (microsoft.public.win2000.group_policy)
  • Re: Urgent Policy question
    ... able to logon to a domain controller locally unless you changed both Domain ... share to restore default user rights for Domain Controller Security Policy. ... administrator or entering domain administrator credentials when you try to ...
    (microsoft.public.win2000.group_policy)