Re: Administrator account
From: Lakshmi Narayanan K. (klakshmi_at_india.hp.com)
Date: 06/11/03
- Next message: Marg: "HotBar"
- Previous message: Jurren Bouman: "Re: Spam"
- In reply to: John Soulé: "Administrator account"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 11 Jun 2003 19:26:47 +0530
Hello John,
Here, I am going to assume that the Windows 2000 SBS server is your Primary
Server. Also, just for namesakes, let me call your Primary Server as
Problem_System. Let us also call the account with which you aren't able to
access Problem_System as Problem_Account.
I dont know whether the updates were the cause of the problem, but I am 99%
sure that, the account Problem_Account you are using to connect to the
Primary Server (or one of the groups that your account is a member of) has
been added to the list of accounts/groups for the right 'Deny logon
locally'. In Windows 2000 systems, this setting/right (Deny Logon Locally)
can be seen in the following area: Local Security Policy->Security
Settings->Local Policy->User Rights Assignment. (If you want to open the
Local Security Policy, goto Start->Run, then type secpol.msc and hit OK. In
the application that opens, you may have to click on the little +'s by the
side of each entry to go to the lower level.)
Any setting in the 'Deny Logon Locally' right
overrides/takes-precedence-over the corresponding entry in the 'Logon
Locally' right.
Now, about resolving this issue.
Situation 1: Hope that the Administrators group has not been added to the
list of users/groups for the 'Deny Logon Locally' right. Get hold of an
account that has Administrator Privileges on the Primary Server, and your
job is easily resolved. Logon to the Primary Server with that account, and
then remove the entries that you may be having in the 'Deny Logon Locally'
right.
Situation 2: If the Administrators group has been added to the list of
users/groups for the 'Deny Logon Locally' right. This is slightly more
complicated.
Step 1: Get hold of another system on the same network that is running
Windows 2000. Just for namesake, let us call this system - Saviour_System.
Get hold of the 'Windows 2000 Resource Kit' CD, and install the same on
Saviour_System. In the folder where you installed the resource kit, locate
the utility ntRights.exe.
Step 2: From Saviour_System, map a network drive to a folder present on
Problem_System using Administrator credentials (or with an account that is
part of the Administrators Group).
Step 3: Key in the following command from Saviour_System (note: the
command is case-sensitive):
ntrights -m Problem_System -u Problem_Account -r
SeDenyInteractiveLogonRight
This should revoke the right 'Deny Logon Locally' for the Problem_Account
account on Problem_System, that have got allocated by mistake.
Hope this helps. And sorry for the kinda-longwinded mail.
Do get back to me in case you arent able to.... or if you are having any
problems with these commands.
Regards ...
- KLN
"John Soulé" <jsoule@downesassociates.com> wrote in message
news:ae863090.0306101122.48d5dfb4@posting.google.com...
> Monday it worked fine today - when trying to login into the Primary
> server, whether from the console or from Terminal Services client, I
> get "The local policy of this system does not permit you to logon
> interactively."
>
> What is going on - how do I correct this action on my Windows 2000 SBS
> server?
>
> I ran the updates from Microsoft on Friday - was one of these updates
> a know problem in this area?
>
> Thanks,
> -John Soule
> jsoule@downesassociates.com
- Next message: Marg: "HotBar"
- Previous message: Jurren Bouman: "Re: Spam"
- In reply to: John Soulé: "Administrator account"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
