Re: Can't logon to local machine (this computer) as administrator

From: James W. Long (JamesLong_at_wowway.com)
Date: 07/12/04


Date: Mon, 12 Jul 2004 15:45:30 -0400


Steven:
  Yes, there was a difference between local setting and effective setting.
I had to fix it at the domain level by taking out my settings there.

Then I could get in to the local machine as administrator. :-).

One comment I would like to make:
It would be nice if the domain controller could see the local accounts which
reside on client machines and be able to work with those.

For instance, I would have liked to add HAL9000\Administrator
to "Log on Locally" and have it apply to HAL9000.
This was almost the case in KB article 826903, BUT
HAL9000\Administrator is not available in the directory from the DC,
which is in jewelconsulting.org, nor is it available in the full directory.

Once having removed my stipulated accounts from domain level,
it worked.

It works now, and thank you for that great information!

I later cleaned up the mess by stipulating in each client.

  James W. Long.

"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
news:KozIc.64134$IQ4.34112@attbi_s02...
> As mentioned, the logon locally or deny logon locally user right are
> configured to prevent administrator or local users from logging on locally.
> That could be configured at the local or domain/OU level. I would logon to
> the local machine as domain admin and look in Local Security
> Policy/security settings/local policies/user rights for the mentioned user
> rights. Use secpol.msc to bring up Local Security Policy. If you can
> reconfigure those rights at the local level, then that is where it was
> configured at. If the local settings are grayed out and differ from the
> "effective" settings the policy came from a higher priority level such as
> domain and OU. I would first check the container the computer is in such as
> OU or domain. You can run gpresult on that computer to see what computer
> policies are being applied to it and any one of those GPO's listed could be
> the culprit. --- Steve
>
>
> "James W. Long" <JamesLong@wowway.com> wrote in message
> news:49mdnfO0V5BQPm_dRVn-jA@wideopenwest.com...
> >
> > Hi all,
> >
> > I can log onto the domain account on my clients but I
> > cannot log into their local accounts anymore.
> >
> > I really need this back in case they fail or something.
> >
> > For instance, my domain is called jewelconsulting.org
> > and I run a Win2000 Adv Server Domain Controller
> > that is authoritative for the jewelconsulting.org domain.
> >
> > If I go over to my client machine named hal9000,
> > I can logon as administrator to jewelconsulting fine.
> >
> > But I cannot logon to HAL9000 (this machine)
> > as administrator at all.
> >
> > I get this error message and I don't know how to
> > fix it, some help would be greatly appreciated.
> >
> > " The policy of this system does not permit you
> > to logon interactively."
> >
> > How do I fix this and where? on the DC or
> > on the local machine?
> >
> > Thank you in advance,
> > James W. Long.
> >
> >
> >
> >
> >
>
>
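
The check described in this thread (who is listed under "Log on locally" and "Deny logon locally") can also be run over a text export of a machine's user rights. The following is an added example, not part of the original posts: it assumes the rights were exported with `secedit /export /cfg rights.inf /areas USER_RIGHTS`, and the sample file contents, the SID and the function names are constructed for illustration.

```python
import configparser

# Constructed sample in the layout of a secedit user-rights export (a real
# export is UTF-16; decode it first). The SID and list contents are made up.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = JEWELCONSULTING\\Administrator,*S-1-5-21-1111111111-2222222222-3333333333-512
SeDenyInteractiveLogonRight = Guest
[Version]
signature="$CHICAGO$"
Revision=1
"""

ALLOW = "SeInteractiveLogonRight"      # "Log on locally"
DENY = "SeDenyInteractiveLogonRight"   # "Deny logon locally"

def parse_rights(inf_text):
    """Return {right_name: set of lower-cased principals} from [Privilege Rights]."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.optionxform = str               # keep the case of the right names
    cp.read_string(inf_text)
    rights = {}
    if cp.has_section("Privilege Rights"):
        for name, value in cp.items("Privilege Rights"):
            # SIDs are written with a leading '*'; names are written as-is.
            members = (m.strip().lstrip("*").lower() for m in value.split(","))
            rights[name] = {m for m in members if m}
    return rights

def interactive_logon(rights, identities):
    """identities: names and SIDs of the account plus the groups it belongs to."""
    ids = {i.lower() for i in identities}
    if ids & rights.get(DENY, set()):
        return "denied: listed under " + DENY       # deny wins over allow
    if ids & rights.get(ALLOW, set()):
        return "allowed"
    return "denied: not listed under " + ALLOW

if __name__ == "__main__":
    rights = parse_rights(SAMPLE_INF)
    # The local account, its short name, and the BUILTIN\Administrators SID.
    local_admin = ["HAL9000\\Administrator", "Administrator", "S-1-5-32-544"]
    print("HAL9000 local Administrator:", interactive_logon(rights, local_admin))
```

With the constructed sample, where only domain principals are listed for the right, the local Administrator is reported as not listed, which matches the situation the thread resolves by removing the domain-level setting.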


