Results 1 to 9 of 9

Thread: Local Policy Does not permit logon interactively ~ Urgent help nee

  1. #1
    mastermind Guest

    Local Policy Does not permit logon interactively ~ Urgent help nee

    I have two DCs...

    we have 1500 users ...... out to these my some of the users are not able to
    login to domain they are getting eror "Local Policy Does not permit logon
    interactively"

    To solve I did following things

    1) I have changed Domain Default GP addedd Domain Users in Allow login locally
    2) Removed affected PC from domain and added agian,,,but it worked for some
    one how? On some of the machine this policy has applied but some of the PC
    this policy not getting affected........

    I did gpupdate / force restarted the pcs but still same issue.....
    I have applied above policy yesterday & retarted my both DCs but still some
    the PC not taking this policy?


    Pls help to solve this issue............~

  2. #2
    Ziad K. Chafi Guest

    RE: Local Policy Does not permit logon interactively ~ Urgent help nee

    Hi,
    Now as you already know, all domain users should be able to logon to any PC
    on the network by default except for Domain Controllers, as you already
    troubleshooted the problem and worked with group policies and the problem was
    not sorted out, and since the problem in occuring on some PCs only, I have a
    feeling that the local computer policy might have been edited (maybe by a
    virus or so) to prevent users from logging on, to try to solve the problem
    please do the following:
    1- Logon to the affected PC using a local admin account and run gpedit.msc
    and check the Interactive Logon settings and change it if needed
    2- Create a Domain-wide policy and explicitly allow domain users to logon
    locall, block the Domain Controller OU from inheriting this policy.

    Have a nice day and let me know...
    --
    Ziad K. Chafi

  3. #3
    mastermind Guest

    RE: Local Policy Does not permit logon interactively ~ Urgent help

    Hi

    Wht we are trying is to block the inheritance of the default domain
    controller policy to all OU's except for the DC's .

    Is it required to move the computers from the Comuters OU to the respected
    OU's.

  4. #4
    Ziad K. Chafi Guest

    RE: Local Policy Does not permit logon interactively ~ Urgent help

    Hello,
    The Default Domain Controllers Policy should only be applied to the Domain
    Controllers OU, which contains only Domain Controllers by default. From what
    you are saying, I understand that the Default Domain Controllers Policy is
    affecting all computers, so some one might have linked the policy to the
    domain, this will cause lots of inconveniences, so if this is the case, you
    have to immedeiatly remove the link at the domain level and this should solve
    the problem.

    Let me know...
    --
    Ziad K. Chafi

  5. #5
    mastermind Guest

    RE: Local Policy Does not permit logon interactively ~ Urgent help

    Dear Ziad

    If we block Inheritance of default domain controller policy to the rest of
    the OUs will it solve the issue.

    Is it required to moved the computers from the OU - Computers to the
    respective OU's.

  6. #6
    Ziad K. Chafi Guest

    RE: Local Policy Does not permit logon interactively ~ Urgent help

    Hello,
    As I told you before, the Default Domain Controllers Policy should not be
    linked to the domain and should not affect any computer but DCs.
    Now if you prefer to link the policy to the domain you have to know the
    following:
    1- The policy has restrictions on how can log on locally, and this is what
    is causing your problems
    2- Blocking inheritace will not solve your problem since all computers are
    created by default in the default Computers container, which is not an OU, so
    you can't block inheritance on the container

    To solve the problem you have to move all computers to their respected OU
    and then block inheritance on the OU.

    Hope it helps.
    --

  7. #7
    sammy Guest

    Re: Local Policy Does not permit logon interactively ~ Urgent helpnee

    I've seen this before in some domains when time synchronization fails
    on some machines.
    Authentication is apparently time-synchronous sensitive. Compare the
    times on the machines
    that users are having problems with and reset if necessary. You might
    also consider rebooting
    one of these machines as a service might have become wedged.

  8. #8
    Ziad K. Chafi Guest

    Re: Local Policy Does not permit logon interactively ~ Urgent help

    Hi Sammy,
    Actually what you said is true, the Authentication process in Microsoft
    domains depend mainly on Kerberos protocol, which uses system time in the
    process of encrypting user credentials and sending them to a DC, so if there
    is no time sync between a client computer and the DC, the user can not logon,
    but he will not receive the "Local Policy Does not permit logon
    interactively" message, he will receive a message saying that the user can
    not logon due to dime difference.

    Have a nice day.
    --
    Ziad K. Chafi

  9. #9
    Join Date
    Sep 2011
    Posts
    1

    Re: Local Policy Does not permit logon interactively ~ Urgent help nee

    Hi ,

    I am facing the same issue , which virus is this ...how to remove it. please help...i moved the infected users in to the new OU but problem is still persists....I even format some of the windows xp machine but even though the problem persists...please help...i am having a windows server 2008 and 9000 users in my network and about 500 users are suffering...please help...

Similar Threads

  1. Replies: 3
    Last Post: 15-01-2014, 10:21 AM
  2. Replies: 3
    Last Post: 13-10-2009, 04:19 PM
  3. Replies: 3
    Last Post: 25-11-2008, 06:43 PM
  4. remote web workplace - local policy - can't logon interactively
    By sivaranjan in forum Small Business Server
    Replies: 3
    Last Post: 04-08-2007, 12:34 AM
  5. Replies: 1
    Last Post: 12-04-2007, 12:22 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Page generated in 1,710,824,293.32776 seconds with 17 queries