when setting up a new user and laptop for them, we place them in their assigned group in AD. but laterly when we do they are getting the message:
the local police of this system does not permit you to logon interactively
yet when we remove them from the group and put them in an temp admin group with domain admin as their primary it allows us to log in netwrok-wise and locally to the laptop...
this has us stumped since the only change we have made has been locally changing the users from power users to restricted users...nothing to their profiles or accounts
2006-10-23 06:37:38 · 1 answers · asked by Anonymous in Computers & Internet ➔ Computer Networking
i have taken an account from the domain that i have used to log in as administrator rights on some computers, so i know it works. i removed the domain admin group and any form of administrative groups and left it as a domain user. i added it to our laptop users and got the same message listed above...i then added it to the less restricted and restrict group as a user and also received the same message. yet when i add domain admin group back and leave domain user as primary, i am able to log onto the laptp both locally and domain
2006-10-23 08:05:52 · update #1
In my opinion I think this has to do with the logon credentials setting set at the domain server. Guess its set only for admin users and not for regular users.
Start by removing all restrictions at the domain server for login and slowly put one by one. Also check if the login script has anything too.
One more test you can do is to ask one of those users to directly login on the server console and see what error they get to reconfirm my theory.
Hope this helps
.:Fishie:.
2006-10-23 17:34:51 · answer #1 · answered by Fishie 5 · 0⤊ 0⤋