Re: HELP!!! Unable to logon to Server 2000

From: Dave W (anonymous_at_discussions.microsoft.com)
Date: 09/27/04 

Date: Mon, 27 Sep 2004 13:00:04 -0700

Just a thought here and I want to know what your opinion
is, from what I understand, Domain security settings over
ride local security settings. If that's true, then what if
I enable Domain level GP, making certain that those
particular logon rights are set correctly and thereby
superceding any local security settings that are
preventing a logon to that server?

Dave
>-----Original Message-----
>Just to add you may need to first install adminpak from
the install cdrom
>for Windows 2000 on your other computer first. It is
located in the I386
>folder. Also be sure to check for "deny logon locally "
user right entries
>as they will override any allow logon locally user right.
Keep in mind that
>administrators are part of the everyone and users group
whenever configuring
>permissions - particularly deny permissions. --- Steve
>
>
>"Miha Pihler" <mihap-news@atlantis.si> wrote in message
>news:OYuGDWMpEHA.592@TK2MSFTNGP11.phx.gbl...
>> Dave,
>>
>> If you can connect to domain using Active Directory
Users and Computer
>> from
>> your computer then Right click Domain Controller OU.
Click on
>> Properties ->
>> Group Policy tab and click to select on Default Domain
Controllers Policy.
>> Click on Edit.
>>
>> In Group Policy Editor under Computer Configuration ->
Windows Settings ->
>> Security Settings -> Local Policies -> Users Rights
Assignment open Allow
>> log on locally (double click on this policy). Make sure
that
>> administrators
>> group is listed in this policy.
>>
>> Mike
>>
>> "Dave W" <anonymous@discussions.microsoft.com> wrote in
message
>> news:301201c4a4c2$103b50f0$a301280a@phx.gbl...
>>> I apologize for being vague.
>>> Yes, it is a DC with the only other 2000 server being
the
>>> PC that I use for a workstation, of sorts. The failed
>>> logon was with the Admin's account at the server's
>>> keyboard. However, I first received the message over
the
>>> weekend when I tried logging into a terminal session
from
>>> home over the weekend. This is the only machine in our
>>> network that this problem is happening on. I am
positive
>>> that I accidentally changed a policy setting last week
>>> when I was trying to get a problematic application on a
>>> workstation to allow me to log on to it's service.
Thank
>>> you.
>>>
>>> >-----Original Message-----
>>> >Hi Dave,
>>> >
>>> >You will have to give us more information.
>>> >
>>> >Is this domain controller that you are trying to
logon?
>>> Did you try using
>>> >Administrator account. Did you try using terminal
>>> services to logon... Do
>>> >you have same problem on domain controllers, server
and
>>> clients?
>>> >
>>> >Mike
>>> >
>>> >"Dave W" <anonymous@discussions.microsoft.com> wrote
in
>>> message
>>> >news:2f8501c4a4bc$3b3f0810$a301280a@phx.gbl...
>>> >> Some changes were made to group policy several days
ago
>>> >> and something musta got screwed up because I cannot
log
>>> >> back in now that I have logged out. I get the
following
>>> >> message after the failed login: "the local policy of
>>> this
>>> >> system does not permit you to logon interactively"
>>> >> Is there anything that I can do?
>>> >
>>> >
>>> >.
>>> >
>>
>>
>
>
>.
>

Relevant Pages

  • Re: very very strange issue - please HELP!
    ... It sounds as though you have a Group Policy operating that is controlling ... the correct security settings afterwards and not just open it up to get it ... Finally found that network ... Using "Local Security Settings" MMC we navigate ...
    (microsoft.public.windows.server.general)
  • Re: you do not have permission to log on locally
    ... I am having the same problem, I can't logon with the local machine account ... I am unable to remove the administrators account from the "deny local log ". ... the efffective policy setting still remains. ... > Use domain policy to override whatever security settings are causing ...
    (microsoft.public.win2000.security)
  • Really no answer?
    ... the logon error message I get is "Your account is ... and juicing a few security settings ... Since it isn't limited to merely the 500 builtin account, ... has Traversal Bypass and Local Logon rights, ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Restricting login to only one domain
    ... User Rights Assignments under security settings. ... Set the policy to allow logon locally to include only groups that you want. ...
    (microsoft.public.windows.group_policy)
  • Re: Modify specific security settings in mmc.
    ... > These Anonymous logons are identified with actual names as I see and here ... > Logon process: NtLmSsp ... > One thing I saw when fiddling around in security settings and users right ... > blank in that window by default. ...
    (microsoft.public.windowsxp.security_admin)