interactive logon not permitted
can anyone help with this problem before i throw my server out of the windows.
have installed server 2003 enterprise on server. promoted to dc created 2 basic user accounts. at client end when these 2 try to log into domain get this
this system does not permit interactive logins.
if i make the 2 users members of domain admins log in no problem once i remove dom admin membership can't login again.
and i don't want all my users to be admins.
any help
ps i have looked at allow logon locally- not that.
i have not changed any domain gpo's since install so system is setup as is.
any ideas
cheers
have installed server 2003 enterprise on server. promoted to dc created 2 basic user accounts. at client end when these 2 try to log into domain get this
this system does not permit interactive logins.
if i make the 2 users members of domain admins log in no problem once i remove dom admin membership can't login again.
and i don't want all my users to be admins.
any help
ps i have looked at allow logon locally- not that.
i have not changed any domain gpo's since install so system is setup as is.
any ideas
cheers
A+
NETWORK+
MCP 70-270 70-290
NETWORK+
MCP 70-270 70-290
Comments
First you said:
Then you said:
By default, Windows server 2003 does not allow users to log on to the Server locally. In order to change this you have to edit the group policy and define the users/groups you want to allow to log on locally. Even though this machine is a domain controller, any logon attempt to the server is considered a local logon.
To change this you will need to open Active Directory Users and Computers. Right click on your domain controller and choose properties. Choose the Group Policy tab. Highlight the "Default Domain Policy" and choose Edit. You will find this setting under Computer Configuration>Windows Settings>Security Settings>Local Policies>User Rights Assignment. The policy you want to edit is Allow Log on Locally. Add the User/Group that needs to log on to the Server.
Repost if that is not the info needed or if you have already done that and I misread your post.
I am not sure that I would want to change the security policy to allow this though. IMHO you are better installing Terminal Services if you want users to log on interactively as you can control things better.
FIM website of the year 2007
i don't want users logging in to server. but someone had already said check allow logon locally to try to solve problem.
but thats nothing to do with it.
i just want users to log into domain from their client machines which they can't unless i make them admins.
i don't know why the error message no interactive login permitted comes up. i just want users to login on to the domain i have created.
is this a bit more clear.
cheers
NETWORK+
MCP 70-270 70-290
http://support.microsoft.com/?kbid=267553
http://support.microsoft.com/?kbid=227904
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q247/9/89.ASP&NoWebContent=1
Here are a couple M$ KB articles about that error message. I think it is the last one that says to do what I suggested you do previously.
very simple maybe - to answer your q.
if you dont want your user to access the server locally - why would you setup 2 w2k3 server as client and server?
cheers...