| 182 |
| Restore local logon after an unexpected policy change |
| The Deny Logon Locally right controls whether a user can locally log on to a computer. This right |
| can be set through either local policy or group policy. Deny Logon Locally might pose unexpected |
| problems; for instance, a user who was previously able to log on could receive this error when |
| The Local policy of this system does not permit you to log on interactively. |
| This problem can occur if the user's account is a member of a group that's denied local logon, even |
| if the user is a member of another group that's allowed local logon. The more restrictive rights take |
| precedence. You might occasionally also see this problem after adding a Windows 2000 computer to |
| If changing group membership or rights at the site, domain, or organizational unit (OU) level |
| doesn't enable access, you can use the Ntrights.exe tool to change the rights on the affected |
| computer. The tool is included with the Windows 2000 Resource Kit. |
| To use Ntrights.exe, log on to another computer with an administrative account and execute the |
| following command. Replace <computer> with the name of the computer on which you need to |
| change permissions and <user> with the name of the user or group from which you wish to remove |
| the Deny Logon Locally right: |
| ntrights -m \\<computer> -u <user> -r SeDenyInteractiveLogonRight |
| After you make this change, the affected user or group should be able to log on locally to the |
First Previous Next Last |