My active directory (SBS 2003) domain users cannot log on locally to a given client machine (XP SP3). Logon with the domain admin works.
I would like users to be able to logon locally to this computer, so I'm trying to find out where the restriction is set. For this I locally start rsop.msc and navigate to
Console Root / <ComputerName> / Computer Configuration / Windows Settings / Security Settings / Local Policies / User Rights Assignment
Here I would like to view the "Allow logon locally" policy, but it is missing.
I have many (all?) other policies, including "Deny logon locally" and "Allow logon through Terminal Services".
Why is "Allow logon locally" missing and how can I restore it?
Based on the provided info, it sounds to me like the computer has become disjointed from the Domain.
If RSOP isn't showing you the GP results, then it's probably not get GP apply to it. :)
The "domain" admin. credentials probably appear to work because you have the same password set for the local Administrator account.
Disjoin it from the domain, ensure the computer's account is removed from AD, and rejoin.
The keyboard layout was not set correctly (duh!). So the users could not log in.
I still don't know why the "Allow logon locally" policy is not available (while all other policies are available), but my problem is solved by changing the keyboard layout.
I found the answer to this issue. In Windows XP, this setting is named somewhat differently from Windows 7, however it is still in the list. Instead of looking for "Allow logon locally" look for "Log on locally". This should give you the functionality you're looking for.