AndyK 15-03-2007 10:22 PM

The Local Policy of this system does not permit you to logon inter
I have been to the Knowledge base, and other forums in the 'net and cannot
find a solution to this. None of the posted solutions seem to help or
reference the entire picture.

When logging onto the Backup domain controller (W2K3 standard) I get this
error. To logon, we use our admin equipped username accounts to circumvent
this error, and as a member of the domain, it seems to work for us (as well
as RDP Access). However, the problem is still there. ADDITIONALLY (and this
is where I cannot find ANY information) The local computer account is
missing. The logon choice is only our Domain, the local computer account
seems to be missing entirely.

Can anyone help me figure this one out?

Mark Wills 16-03-2007 02:59 AM

RE: The Local Policy of this system does not permit you to logon inter
OK let's clear up some misconceptions to start with, assuming this is a
Windows 2000/2003 (Active Directory, or AD) type of domain not NT4.

1. There is no such thing as a backup domain controller in AD. Any machine
that is promoted to domain controller is a domain controller. (There are some
minor issues behind the scenes, but they aren't relevant to this discussion.)
2. There are no local accounts on domain controllers.

Regarding allowing other non-admin users to log in, if you should choose to
disregard best practices (that's why it defaults that way), do the following:

Start > Administrative Tools > Domain Controller Security Policies

Look for 2 entries:
Allow log in locally and Deny log in locally.
Here you can add groups that the members are allowed or deny access to local

I would also recommend going through some tutorials on Active Directory and
Group policies. This will allow you to work with all the features instead of
fighting against them.
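
The check below is an added example, not part of the original posts. It audits the two user rights behind this error, "Allow log on locally" (`SeInteractiveLogonRight`) and "Deny log on locally" (`SeDenyInteractiveLogonRight`), from a `secedit` export. The baseline group list, the sample export and the `EXAMPLE\HelpDesk` account are assumptions constructed for illustration.

```python
# Added example: audit who may log on locally, from a secedit export.
# On the server: secedit /export /cfg rights.inf /areas USER_RIGHTS
# then load it with open("rights.inf", encoding="utf-16").read() (typical encoding).
ALLOW, DENY = "SeInteractiveLogonRight", "SeDenyInteractiveLogonRight"

# Assumed baseline: built-in groups usually allowed to log on locally to a DC.
BASELINE_ALLOW = {
    "S-1-5-32-544": "Administrators",
    "S-1-5-32-548": "Account Operators",
    "S-1-5-32-549": "Server Operators",
    "S-1-5-32-550": "Print Operators",
    "S-1-5-32-551": "Backup Operators",
}

# Constructed sample export (not taken from the thread).
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
SeInteractiveLogonRight = *S-1-5-32-551,*S-1-5-32-549,EXAMPLE\\HelpDesk
SeDenyInteractiveLogonRight = *S-1-5-32-544
"""

def parse_rights(inf_text):
    """Return {right_name: set(principals)} from the [Privilege Rights] section."""
    rights, section = {}, None
    for line in (raw.strip() for raw in inf_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "privilege rights" and "=" in line:
            name, _, value = line.partition("=")
            # SIDs are written as *S-1-...; account names appear without the star.
            rights[name.strip()] = {p.strip().lstrip("*") for p in value.split(",") if p.strip()}
    return rights

def audit_interactive_logon(inf_text, baseline=BASELINE_ALLOW):
    """Compare the allow/deny logon rights with the baseline. Deny overrides allow."""
    rights = parse_rights(inf_text)
    allow, deny = rights.get(ALLOW, set()), rights.get(DENY, set())
    return {
        "missing_from_allow": sorted(set(baseline) - allow),
        "extra_in_allow": sorted(allow - set(baseline)),
        "baseline_denied": sorted(deny & set(baseline)),
        "denied": sorted(deny),
    }
```

Keeping a dated export and comparing later exports against it shows when a right changed; group nesting is not resolved, so members of the listed groups still need to be reviewed separately.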

AndyK 16-03-2007 11:21 AM

RE: The Local Policy of this system does not permit you to logon i
Yes, this is a w2k3 AD environment. I commented about it being the backup
domain controller because that is its main purpose, to help protect AD from a
single catastrophic failure. Yes, I know there is no BDC. I was referring to
its main purpose in my environment.

I am relatively new to AD, having worked with it for about 2 years, then
finding myself in a situation where there are hardly any IT jobs in this
area. So for 3 years I was out of the picture in regards to IT. I built this
network from an NT environment based upon stuff I could remember. So
semantics aside, I think I did pretty well all things considered. As for best
practices, there are four of us handling 900 computers and almost 3000
students and employees. Temporarily allowing a few of us access to servers
to circumvent the Admin logon problem was necessary until I was able to look
more closely at the problem. I have found the problem, about an hour after I
posted this. I thank you for the post. Figuring out how the security setting
changed is of more concern at the moment.

shayneneal 08-04-2010 10:25 PM

Re: The Local Policy of this system does not permit you to logon inter
I am curious, what was the problem that you found an hour after posting this issue? I am trying to log on to a remote workstation in another city and am getting the same error. Is the policy in place due to the user or device being logged onto?

I am trying to do a simple application test and do not want to actually log into the server unless necessary.

