Re: Logon local to W2k workstation using domain account

From: Colin Nash [MVP] (x_at_x)
Date: 08/09/04 

Date: Sun, 8 Aug 2004 19:16:51 -0400

I'm a little confused by what you are asking....

To logon locally with a domain account, you type the name, password and
select the domain from the list (or type DOMAIN\ACCOUNT which causes the
third box to get greyed out.) You can do it either way.

I'm confused by what you are calling a "local logon" vs a "domain logon" ...
a local logon means it is occuring at the console of the workstation (as
opposed to connecting over the network to the workstation) and does not
relate to whether the account is local to the machine or is from a domain.

If you are typing at the keyboard, it's a local logon no matter where the
account comes from. Also called an "interactive" logon in Microsoft-speak.

If you don't want to logon using a domain account (for example-- because you
plan on shutting your server down most of the time) then you should make a
local account. [Although Windows will usually allow a domain logon to occur
if the server is unavailable because it will cache your credentials.]

The term "logging on locally" is also sometimes used to refer to logging on
to a machine using a local machine account (for example, the computer's
local Administrator account.) Maybe that's where the confusion is...

"Ratmoler Hamstak" <hamstak@yahoo.com> wrote in message
news:f3c5beb2.0408081411.a5aea24@posting.google.com...
>I have a win2k workstation which is a member of a domain on a home
> network (set up as a domain for development/academic purposes). I am
> receiving a "system was unable to log on..." message when I attempt to
> use a domain account to log on locally (logging into the domain works
> fine). The account policy is set to allow local logon; this is
> established in the local, domain, and domain controller levels.
> Opening the account policy in the workstation's local security policy
> manager reveals that the effective security policy is opeartive for
> the domain account in question. The domain account is not a member of
> any groups affected by the "deny local login" policy, which I suspect
> would override the "Log on locally" policy.
>
> The reason I need to log on locally is that I recently purchased a
> Tritton NAS device for centralized file storage/ftp capabilities; I
> chose an appliance over building a file server for low power, always
> on, and small footprint benefits. I can only connect to it as a drive
> from the workstation when logged in to the daomin if my win2k server
> is on (I leave this off most of the time, and would prefer to); the
> error is "no logon server avaialable to service the request". Logging
> on locally using the domain account would clear up the problem, I
> suspect. Creating a local user account is a possibility of course, but
> I'd prefer to use a single account.
>
> One last thing: when logging in locally using a domain account, is
> it necessary to prefix the account name with the domain name, as in
> DOMAIN\Username? I tried this, but the dropdown for selecting the
> login context grayed out, so I assumed that prefixing in this manner
> performs domain login even if you have the local machine selected.
>
> Thanks in advance.
>
> Tom

Relevant Pages

  • [EC-SA-01.2003] Windows XP "welcome screen" exposes the names of all the members of the l
    ... logon screen with what is called "Welcome Screen". ... (including the original administrator account, ... Using the "welcome screen" actually disables / ignores the security ...
    (Bugtraq)
  • Re: ATTN : Microsoft - Security Event 529....Second Request for help....
    ... According to the events, the logon ... failure is from the local machine account. ... disconnected from the network. ... Security Event ID 529 is a failure audit for logon/logoff. ...
    (microsoft.public.windows.server.sbs)
  • Re: Is it really true that NTFS is secure?
    ... > and failure auditing starting with "Audit Account Management," and also try ... > The account Group got put back in the Administrator group again. ... > The logon to account: ...
    (microsoft.public.security)
  • Re: Please help refresh my memory on AD DC
    ... When I boot my Laptop I reach the Logon screeen for XP Laptop and here ... admin account to be able to Login so I can control it from the DC. ... A domain user can by default logon to any domain computer, except Domain controllers. ... A Server has websites already hosted on it in a Workgroup and now I ...
    (microsoft.public.windows.server.active_directory)
  • Re: Logon Server Unavailable
    ... >> More Connections Can Be Made At This Time ... >> The network folder specified is currently mapped using a different user ... >> account in its primary domain is missing or the password on that account ... >> There are currently no logon servers available to service the logon ...
    (microsoft.public.windows.server.dns)
Loading