interactive logon not permitted

cknape Member Posts: 15
Can anyone help with this problem before I throw my server out of the windows?

Have installed Server 2003 Enterprise on server. Promoted to DC, created 2 basic user accounts. At client end, when these 2 try to log into domain, get this:

this system does not permit interactive logins.

If I make the 2 users members of Domain Admins, they log in no problem; once I remove Domain Admins membership they can't log in again.
And I don't want all my users to be admins.

Any help?

PS: I have looked at Allow log on locally - not that.
I have not changed any domain GPOs since install, so system is set up as is.

Any ideas?

MCP 70-270 70-290


  • Silver Bullet Member Posts: 676
    I am kinda confused by your post.....please elaborate.

    First you said:
    PS: I have looked at Allow log on locally - not that.

    Then you said:
    I have not changed any domain GPOs since install, so system is set up as is.

    By default, Windows Server 2003 does not allow users to log on to the Server locally. In order to change this you have to edit the group policy and define the users/groups you want to allow to log on locally. Even though this machine is a domain controller, any logon attempt to the server is considered a local logon.

    To change this you will need to open Active Directory Users and Computers. Right click on your domain controller and choose properties. Choose the Group Policy tab. Highlight the "Default Domain Policy" and choose Edit. You will find this setting under Computer Configuration>Windows Settings>Security Settings>Local Policies>User Rights Assignment. The policy you want to edit is Allow Log on Locally. Add the User/Group that needs to log on to the Server.

    Repost if that is not the info needed or if you have already done that and I misread your post.
  • RussS Member Posts: 2,068
    Silver Bullet has it covered .... Server 2003 does not allow users to log on interactively.
    I am not sure that I would want to change the security policy to allow this though. IMHO you are better off installing Terminal Services if you want users to log on interactively, as you can control things better.
    FIM website of the year 2007
  • cknape Member Posts: 15
    What I mean is new users can't log in to the domain.
    I don't want users logging in to the server, but someone had already said to check Allow log on locally to try to solve the problem.
    But that's nothing to do with it.

    I just want users to log into the domain from their client machines, which they can't unless I make them admins.

    I don't know why the error message "no interactive login permitted" comes up. I just want users to log on to the domain I have created.

    Is this a bit more clear?

    MCP 70-270 70-290
  • rossonieri#1 Member Posts: 799

    Very simple maybe - to answer your question:
    if you don't want your users to access the server locally, why would you set up 2 W2K3 servers as client and server?

    Cheers...
    the More I know, that is more and More I dont know.
  • sprkymrk Member Posts: 4,884
    Please excuse if this is a stupid question - did you first join the workstations to the new domain? Are they logging into the domain or the workstation? Big difference...
    All things are possible, only believe.
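
Added example (not part of any post in this thread): the discussion turns on which accounts hold the "Allow log on locally" user right, whose internal name is SeInteractiveLogonRight (its counterpart, "Deny log on locally", is SeDenyInteractiveLogonRight). The script below lists the accounts holding both rights on the machine where it is run, so the effective setting can be checked on the client as well as on the server. It assumes PowerShell is installed and the prompt is elevated; the scratch file name is arbitrary.

```powershell
# Added example: list holders of the interactive-logon user rights
# on the machine where this is run (requires an elevated prompt).
$rights = 'SeInteractiveLogonRight', 'SeDenyInteractiveLogonRight'
$cfg = Join-Path $env:TEMP 'user-rights.inf'   # scratch file, name is arbitrary

# secedit exports the effective local security policy; USER_RIGHTS limits
# the export to the User Rights Assignment section.
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null

function Resolve-Principal([string]$entry) {
    # Entries are either "*S-1-5-..." (a SID) or a plain account name.
    $entry = $entry.Trim()
    if (-not $entry.StartsWith('*')) { return $entry }
    $sid = New-Object System.Security.Principal.SecurityIdentifier($entry.Substring(1))
    try {
        return $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        return "$($sid.Value) (unresolved)"   # orphaned or foreign SID
    }
}

foreach ($line in Get-Content $cfg) {
    # Lines look like: SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-551
    if ($line -match '^\s*(\w+)\s*=\s*(.*)$' -and $rights -contains $Matches[1]) {
        $right = $Matches[1]
        $holders = @($Matches[2] -split ',' | Where-Object { $_.Trim() } |
                     ForEach-Object { Resolve-Principal $_ })
        "{0}:" -f $right
        if ($holders.Count -eq 0) { '  (no accounts assigned)' }
        $holders | ForEach-Object { "  $_" }
    }
}
Remove-Item $cfg -ErrorAction SilentlyContinue
```

A right that has no line at all in the export is not assigned to anyone on that machine; an account listed under SeDenyInteractiveLogonRight is refused even if it also appears under SeInteractiveLogonRight.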