Hi everyone, I have locked out my admin account. I get the message "local security policy prevents you to log on interactively" obviously I have messed up while playing with the local security policy. Anyone know how I can correct this so I can log on as admin? cheers all.
SYMPTOMS When you add a group, such as, Domain Users, Everyone, or Authenticated Users, to the "Deny Logon Locally" user right, users that are members of those groups can no longer log on to certain computers. When a user tries to log on to the computer, the user may receive the following error message:
The Local policy of this system does not permit you to log on interactively. The administrator of your system may find this behavior to be unexpected. CAUSE This behavior may occur because the user (such as, the administrator, who is a member of a group that has been explicitly granted the "Logon Locally" user right) may also be a member of the preceding groups. Any of the preceding groups may deny users access to the computer in which case a policy that sets the denial of user rights takes precedence over a policy that enables user rights. RESOLUTION To work around this behavior, you can access the computer that is denying a user access by means of an administrative account situated on another client. Then you can use the Ntrights.exe program from the Microsoft Windows 2000 Resource Kit to remove the user from the "Deny Logon Locally" user right.
To perform this procedure, use the following (case-sensitive) syntax: ntrights -m \\computer -u group or user to remove -r SeDenyInteractiveLogonRight