The local policy of this system does not permit you to logon interactively
From: norman jee (njee@jeenola.net)
Date: 03/17/03
- Next message: Norman Jee: "Security log filled with event 677"
- Previous message: alder: "Hei!"
- In reply to: chris@comcast.net: "The local policy of this system does not permit you to logon interactively"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "norman jee" <njee@jeenola.net> Date: Mon, 17 Mar 2003 02:54:41 -0800
If you can log on to the win2kpro system on the domain as
the "domain-administrator" then you will have local
workstation administrator rights. This is automatic when a
computer joins a domain - the domain administrator becomes
a local administrator on local machines for win2k (at least
that has been my experience)
Once logged on as domain-administrator, check the local
security policy of the win2kpro workstation and verify that
the local administrator has logon rights to the sytem.
>-----Original Message-----
>Hi,
>
>I'm unable to logon locally to a Win2k workstation.
>
>- All was fine (when it was just a member of a workgroup)
>
>- I added it to an Active Directory Domain (and created a
> computer/machine account in that domain for it)
>
>- I was able to logon to the domain.
>
>- I am not able to log on locally (with the local
> administrator account nor with my alternative account
> which has admin rights)
>
>- I attempted to use "ntrights" (as specificed in
> Microsoft's kb article # Q276590). This resulted in the
> following error:
> ***Error*** OpenPolicy -1073741790
>
>- Further web/newgroup seach suggested removing the computer
> account from the AD domain (which I did).
>
>- Now, not only can I *not* log on locally, I also not able to
> logon to the domain. I get the follow error:
>
> "The system cannot log you on to this domain because the
system's
> computer account in its primary domain is missin or the
password
> on that account is incorrect".
>
> NOTE: I'm able to use the same id/password on a known good
> win2k Pro workstation (that's has a machine
account in
> the domain). As such, the error is not in the
account.
>
>- I attempted to add the machine account from within "Active
> directory users and computers". (I right-clicked the
domain,
> selected "new", selected "computer", entered the netbios
name
> of the computer.
>
>- And, while the computer name appears, I still get the
above error.
>
>
>
>Q: How can I change the local policy of the faulty
workstation so
> that I can logon locally (with the local admin account)
if its
> no longer part of a domain?
>
>Q: How can I properly add the machine account (from the
domain
> controller console) so that a vaild domain user can use the
> faulty workstation and logon to the domain?
>
> (note: since I can't logon locally, I'm unable to create a
> machine account from the workstation (by using a
> domain account which has the right to add machines
> to the network.)
>
>Many thanks in advance.
>
>--Chris
>
>.
>
- Next message: Norman Jee: "Security log filled with event 677"
- Previous message: alder: "Hei!"
- In reply to: chris@comcast.net: "The local policy of this system does not permit you to logon interactively"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
