Logon Locally problem.

• Previous message: Altria: "Re: Non-Administrator's access to local CD-ROM?"
• Next in thread: Steven L Umbach: "Re: Logon Locally problem."
• Reply: Steven L Umbach: "Re: Logon Locally problem."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 28 Jun 2005 16:18:08 -0700

Since this mixes security and networking, I am posting this in both
groups.

I am running under a Windows 2000 domain. I have a domain group that
is setup to logon locally to each Non-DC server. Everything was setup
and working.

To enhance the security of our network, our web servers were moved to a
different VLAN and most ports were blocked between the VLANs.
Everything continued to work.

Recently, I had to rebuild one of our web servers. I was able to setup
everything except the logon locally piece. In the Local Security
Policy, I try to add my Domain Group, but the "effective check" never
appears. Local is checked, but effective is not. All other aspects of
the Local Security Policy on this server look the same as the other web
server in the VLAN. The other server still works and all the users can
log into it.

My first question is this: Do I need to have certain ports open
between a server and the domain controller in order to make the rule
effective? I do not have any trouble bringing up the domain in any of
the drop-down lists. I can select my domain group. It appears to add
properly, but it never becomes active. I have tried to create a local
group, and I have tried to add individual users (local and domain).
None of them will become effective. I have tried to add additional
users and groups to the other server and I have the same problem. This
is what leads me to believe it is a networking issue and not a server
issue. The server that I have not modified is showing the same
problems.

Is there something else I could be missing?

Any help you can provide will be much appreciated.
Thanks,
Selmer80

• Previous message: Altria: "Re: Non-Administrator's access to local CD-ROM?"
• Next in thread: Steven L Umbach: "Re: Logon Locally problem."
• Reply: Steven L Umbach: "Re: Logon Locally problem."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Logon Locally and blocked ports ... Since this mixes security and networking, I am posting this in both ... is setup to logon locally to each Non-DC server. ... Policy, I try to add my Domain Group, but the "effective check" never ... (microsoft.public.win2000.networking) Re: [fw-wiz] Where do firewall Admins Sit in An Company ... Since obviously the networking and server folks do not wear a security hat, ... >Firewall administration is part of operations, ... (Firewall-Wizards) Re: problem mapping local drives in remote desktop session ... Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net ... It is running Windows 2003 Server R2. ... change I made was to uninstall enhansed IE security. ... (microsoft.public.windows.server.networking) security-basics Digest of: get.123_145 ... VPN to ASP a security risk? ... Re: Multiple IPSec tunnels? ... Subject: Security NT Server ... VPN to ASP a security risk? ... (Security-Basics) << SBS News of the week - Sept 26 >> ... And he points to the info you need to put the file on the server in the ... at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... by the firewall at risk. ... (microsoft.public.backoffice.smallbiz)