Resolved by the domain strategy to log in locally

The security settings of the domain policy are saved in a security template called "gpttmpl.inf", which is a text file that stores Sysvol in the DC (Domain Controller) (physical directory pointing to DC "C: / WinNT / Sysvol / sysvol ") shared. To unlock all local login restrictions, the fastest approach may be directly edited by directly editing this text file directly without local login.

The specific operation is as follows:

On another computer (Win9x / 2000 / XP), use the domain administrator account to connect to the Sysvol shares of DC, "// / sysvol / / policies / Under this text file "gpttmpl.inf" under Machine / Microsoft / Windows NT / SECEDIT. ("DC Name" in the path is the name of the domain controller you put this group policy, "Domain Name" is your domain name, "Policy Guid" is the GUID of the group policy object you want to edit, similar to " {31B2F340-016D-11D2-945F-05C04FB98439} ").

Use Notepad to open the "gpttmpl.inf" file, find the "SedenyInteractiveLogonRight" keyword under the "PrivileGeTS" section in the file, and its value is the SID of the user or group that is rejected locally, deletes these SIDs, making "SedenyinteractiveLogonRight "The value of the key is empty. Save the file back to the original position.

Use Notepad to open the "gpt.ini" file under "// / sysvol / / policies / " to improve the value of the "Version" key under the "General" section It is usually added 1000. This is the version number of this group policy object we have modified. After the version number is improved, we can guarantee that our changes are copied to other DCs. Save the file back to the original position.

After the domain strategy is refreshed, the problem is resolved.