JSI Tip 6131. Windows 2000 issues 'The local policy of this system does not permit you to logon interactively'?

When you attempt to log on to a domain or to the local computer, you receive:

The local policy of this system does not permit you to logon interactively.

This problem is the result of setting the Deny logon locally policy on your computer.

To properly setup this policy, create an organizational unit  (OU) for computers that you want to exclude from the Deny logon locally policy, and then grant the Log on locally policy to individuals or groups in theOU:

01. Open the Active Directory Users and Computers snap-in.

02. Right-click the domain name, press to New and Organizational Unit.

03. Name the OU and press OK.

04. Select the container that contains the computers you wish to move to the new OU.

05. Right-click the computers that you wish to move and press Move.

06. Select the new OU and press OK.

07. Right-click the new OU and press Properties.

08. Select the Group Policy tab.

09. Press New, type the GPO (Group Policy Object) name, and press Edit.

10. Navigate through Computer Configuration / Windows Settings / Security Settings / Local Policies / User Rights Assignment.

11. In the right-hand pane of the GPO dialog, right-click Log on locally and press Security.

12. Check the Define these policy settings box.

13. Press Add and Browse.

14. Select the users and/or groups that should be granted the Log on locally policy and press Add, OK, and OK. You can hold down the CTRL key to select multiple objects.

15. Press OK to close the Security Policy dialog.

NOTE: See tip 7579 You receive the 'The local policy of this system does not permit you to logon interactively'?