Re: The user has not be granted the requested logon type at this machine
From: Beverly Treadwell (prgmrblu_at_newsgroup.nospam)
Date: 11/09/04
- Previous message: Miha Pihler: "Re: 128 bit encryption for IE6"
- In reply to: WenJun Zhang[msft]: "RE: The user has not be granted the requested logon type at this machine"
- Next in thread: Karl Levinson [x y] mvp: "Re: The user has not be granted the requested logon type at this machine"
- Reply: Karl Levinson [x y] mvp: "Re: The user has not be granted the requested logon type at this machine"
- Reply: WenJun Zhang[msft]: "Re: The user has not be granted the requested logon type at this machine"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 9 Nov 2004 10:24:57 -0800
Thanks for the response.
I agree that the user is missing the interactive login portion of the
permissions. The login type: 4 is "login as batch job" which I have
explicitly set in the
GPO. I just can't figure out how to repair the problem. I seriously have
hundreds of servers
that require this user to run about 5 files.
I tried adding the domain user to the local user group with no luck.
As it turns out the Domain Users Group has been added to the Local users
already.
I did run through the NTFS Permissions with no luck.
You said:
> Furthremore, if you uncheck the "Allow IIS to control password"
> checkbox, this will change the logon type from Interactive to
> ClearText , which is more secure and may be able to work immediately.
This is in fact how we set the user up. IIS does no allow
"Allow IIS to control password" for users not local on the box.
One thing I have noticed is that the users added to the server
are showing as SIDs only. On the file security sections the user is
often grayed with the little "?" over it.
Beverly
""WenJun Zhang[msft]"" <v-wzhang@online.microsoft.com> wrote in message
news:zTXZfBkxEHA.3436@cpmsftngxa10.phx.gbl...
> Hi Beverly,
>
> The only difference I can find is: after you add the account to
> Administrators group and performed a logon, the account will be
> automatically added to the built-in Interactive group. After that,
> you removed it from Administrators but it's still in Interactive.
> Also the event log indicates the problematic logon type is just
> 'Logon Type: 2' - Interactive Logon .. It's the important difference
> I think:
>
> Using Default Group Accounts
> http://www.microsoft.com/technet/prodtechnol/windows2000serv/evaluate/
> featfunc/07w2kadc.mspx
>
> So I just wonder if some permissions are missing for the original
> account but are held by Interactive. Please check if the domain
> account has been added into local users group. Also it may be helpful
> to go through the default min permission required by IUSR:
>
> How to set required NTFS permissions and user rights for an IIS 5.0
> Web server
> http://support.microsoft.com/?id=271071
>
> Furthremore, if you uncheck the "Allow IIS to control password"
> checkbox, this will change the logon type from Interactive to
> ClearText , which is more secure and may be able to work immediately.
>
> Please update here on any findings or results. Thanks.
> Best regards,
>
> WenJun Zhang
> Microsoft Online Support
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> Get Secure! - www.microsoft.com/security
>
- Previous message: Miha Pihler: "Re: 128 bit encryption for IE6"
- In reply to: WenJun Zhang[msft]: "RE: The user has not be granted the requested logon type at this machine"
- Next in thread: Karl Levinson [x y] mvp: "Re: The user has not be granted the requested logon type at this machine"
- Reply: Karl Levinson [x y] mvp: "Re: The user has not be granted the requested logon type at this machine"
- Reply: WenJun Zhang[msft]: "Re: The user has not be granted the requested logon type at this machine"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
