Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
When I try to log on to Windows 2000 (running on standalone computer)under one of my administrator accounts, I get the error message "The local policy of this system does not permit you to log on interactively." I know that I need to use the ntrights.exe application from the Windows 2000 service pack to remove the deny interactive logon right restriction from the administrator group. However, what command prompt can I go to to run this utility? I can only log into my computer in the repair console or under a guest account and do not have access to the administrator controls. Please help!!!!
also, if there's no way to fix this, is there a file that stores all the Local Policies and/or User Rights Assignments that I can just delete and then run Windows setup to repair the current installation so that maybe I can regain access to all my personal file?
0 
Someone must have been messing with the security settings because the default policy for the administrator is certainly to allow the Administrator to log on locally. Another confusing thing is that a stand alone server (non domain controller) does not typically have the limitation of not allowing non administrators to log on locally. This is usually just a limitation of a domain controller.
You should be able to run the nrights.exe at the recovery console. It should take you to a command prompt. Navigate to the location of the nrights.exe file and run it.
0
I get the same reply from the administrator account. That's the problem. Am I going to be able to run the ntrights.exe utility from the recovery console? I didn't think that I could because I thought I only had access to those few commands. I'll give it a shot though.
0
do you have an option for domain to login to?
make sure you use the local computer with the local admin account ,
and domain with domain admin account,...
0
I have no domain option. There are no options on login except to use dial-up, which i can't do. My computer is standalone and not connected to any domain.
0
I had the same problem a few months back. I dont remember how exactly i fixed it but i got some info from microsoft knowledge base, search with some keywords in your error message. Also i ran ntrights from another computer via a local network. You can type the path to the remote computer and restore the settings for that computer. For the available commands try typing "ntrights ?" it will tell you how to type the full command path.
0
SYMPTOMS
When you add a group, such as, Domain Users, Everyone, or Authenticated Users, to the "Deny Logon Locally" user right, users that are members of those groups can no longer log on to certain computers. When a user tries to log on to the computer, the user may receive the following error message:The Local policy of this system does not permit you to log on interactively.
The administrator of your system may find this behavior to be unexpected.CAUSE
This behavior may occur because the user (such as, the administrator, who is a member of a group that has been explicitly granted the "Logon Locally" user right) may also be a member of the preceding groups. Any of the preceding groups may deny users access to the computer in which case a policy that sets the denial of user rights takes precedence over a policy that enables user rights.RESOLUTION
To work around this behavior, you can access the computer that is denying a user access by means of an administrative account situated on another client. Then you can use the Ntrights.exe program from the Microsoft Windows 2000 Resource Kit to remove the user from the "Deny Logon Locally" user right.To perform this procedure, use the following (case-sensitive) syntax:
ntrights -m \\computer -u group or user to remove -r SeDenyInteractiveLogonRightSTATUS
This behavior is by design.MORE INFORMATION
Most of the preceding problems occur when the Everyone group has been removed from the user right. You can use the Ntrights utility to add user rights.For additional information about how to add a group back to the user right, click the article number below to view the article in the Microsoft Knowledge Base:
0
I am not on a LAN and I don't have another computer to network to this one. Is there any way to fix the problem with just this one computer by itself?
0  |
 Check If Desktop is locke...
|
Adding a NT 4.0 Server to...
|
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
