Re: Question about Log on Locally Policy.
From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 12/16/04
- Next message: Adam Sandler: "Re: Question about Log on Locally Policy."
- Previous message: Steven L Umbach: "Re: User Cant Rename Folder"
- In reply to: Adam Sandler: "Question about Log on Locally Policy."
- Next in thread: Adam Sandler: "Re: Question about Log on Locally Policy."
- Reply: Adam Sandler: "Re: Question about Log on Locally Policy."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 16 Dec 2004 16:10:20 GMT
Interesting as by default administrators group has logon locally user right.
The easiest thing to try would be to use ntrights to add the administrators
to the logon locally user right. Not knowing if there are entries in the
deny logon locally user right and the fact that it may have overriding
policy from the domain can complicate things. If you can access the computer
via an administrative share you may have a good change to correct things and
them you might be able to use Computer Management to remotely view it's
Event Viewer. If can not even access an administrative share, your changes
of correcting things are not good. Assuming you can, you could also use
psexec from SysInternals to access the command prompt on that computer to
check network configuration, run netdiag, etc. Netdom might be used to try
and join the computer to the domain or repair the secure channel. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;en-us;266280 -- note that
the user right is case sensitive in the command
http://www.petri.co.il/download_free_reskit_tools.htm --- Ntrights
available here
http://www.sysinternals.com/ntw2k/freeware/psexec.shtml -- Psexec.
http://support.microsoft.com/kb/216393/EN-US/ -- netdom info
"Adam Sandler" <corn29@excite.com> wrote in message
news:1103208561.753609.225590@z14g2000cwz.googlegroups.com...
> Hello,
>
> This thread is about a W2K member server.
>
> I had to recover from a failure on one of my domain's boxes the other
> day. I reloaded the image I had of the fully configured box. What I
> forgot to realize is the security guys went through and changed whio
> can log on locally...
>
> After the image was sucessfully restored, I tried to logon to the
> domain but got a message the domain wasn't available.
>
> So I then tried to log on as the local admin and got the error stating
> the policy of the machine does not permit interactive logon.
>
> So it looks like I'm stuck... I cannot contact the domain and I cannot
> logon with a local account because the image captured the effective
> setting from the DC regarding who can and cannot log on locally.
>
> I do have a offline registry editor program but I have no idea if this
> policy is even stored in the registry... does anyone know?
> Are there any other tools that could help me out too?
>
> Thanks!!!
>
- Next message: Adam Sandler: "Re: Question about Log on Locally Policy."
- Previous message: Steven L Umbach: "Re: User Cant Rename Folder"
- In reply to: Adam Sandler: "Question about Log on Locally Policy."
- Next in thread: Adam Sandler: "Re: Question about Log on Locally Policy."
- Reply: Adam Sandler: "Re: Question about Log on Locally Policy."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
