Re: Stand alone Win2003 Standard w/ AD... how to allow users to login?

From: AC (spam_at_aNOSPAMMEconnell.com)
Date: 09/14/04

• Next message: Jerry Bryant [MSFT]: "Microsoft Security Bulletins for September 2004"
• Previous message: Miha Pihler: "Re: Administering AD through another machine"
• In reply to: Steven L Umbach: "Re: Stand alone Win2003 Standard w/ AD... how to allow users to login?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Tue, 14 Sep 2004 14:00:58 -0400

I could swear it wasn't working... but now it is after a recent reboot (I
know I rebooted after I changed the policies... go figure :)

Thanks Steve!

-AC

"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:uyspwVnmEHA.592@TK2MSFTNGP11.phx.gbl...
> Exactly what error message do they get? Are they trying to logon to the
server
> console or via Terminal Services? If there any entries in the deny logon
locally user
> right in the Domain Controller Security Policy that the user is a member
of then they
> will not be allowed to logon locally. Be sure to check Local Security
policy on the
> domain controller after making the change in Domain Controller Security
Policy to
> make sure the groups/users look correct indicating the Domain Controller
Security
> Policy has been applied. Look in the security log for failed logon events
which may
> give you an idea why they are being denied logon. The "logon type" is
helpful
> information. See the link below for more on that. --- Steve
>
>
http://www.microsoft.com/resources/documentation/WindowsServ/2003/datacenter/proddocs/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/datacenter/proddocs/en-us/518.asp
>
> "AC" <spam@aNOSPAMMEconnell.com> wrote in message
> news:%23y6WPfmmEHA.648@tk2msftngp13.phx.gbl...
> > Steve-
> >
> > Thanks for responding... made user the changes in both policies and
> > rebooted... still no luck. Any other ideas?
> >
> > -AC
> >
> > "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> > news:u$XjplemEHA.2948@TK2MSFTNGP11.phx.gbl...
> >> For domain controllers you must configure the right to logon locally in
> > Domain
> >> Controller Security Policy. Domain policy will not work because the
Domain
> > Controller
> >> Security Policy takes precedence for defined settings and user rights
are
> > defined
> >> there. --- Steve
> >>
> >>
> >> "AC" <spam@aNOSPAMMEconnell.com> wrote in message
> >> news:%234G5GJcmEHA.1652@TK2MSFTNGP09.phx.gbl...
> >> > It's the latter... they can't login to the box as an interactive
user.
> > I
> >> > added the builtin Users group to the domain policy "Allow Logon
Locally"
> > and
> >> > made sure in the user's properties they were allowed to login to any
PC
> > on
> >> > the domain as well as no lockouts.
> >> >
> >> > Any other ideas?
> >> >
> >> > -AC
> >> >
> >> > "Arek Iskra [MVP]" <NoSpam_arek@arekiskra.com> wrote in message
> >> > news:OMPSgMamEHA.3524@TK2MSFTNGP12.phx.gbl...
> >> >> Do you mean to login to your test domain or to the server directly?
If
> > the
> >> >> latter, check that they have "logon locally" permission.
> >> >>
> >> >> --
> >> >> Arek Iskra
> >> >> MVP for Windows Server - Software Distribution
> >> >>
> >> >>
> >> >> "AC" <spam@aNOSPAMMEconnell.com> wrote in message
> >> >> news:%23VgCX7ZmEHA.3824@TK2MSFTNGP12.phx.gbl...
> >> >> I have a stand alone Win2003 standard server w/ AD installed
> > (development
> >> >> box). I've created a few test users, but they can't login to the
> > server
> >> >> (highest permissions = added to Users group). I want to allow this
> > group
> >> > to
> >> >> login because I need to test what they see vs. what admins see.
Can't
> >> > seem
> >> >> to find the policy where this config is located.
> >> >>
> >> >>
> >> >
> >> >
> >>
> >>
> >
> >
>
>

---

• Next message: Jerry Bryant [MSFT]: "Microsoft Security Bulletins for September 2004"
• Previous message: Miha Pihler: "Re: Administering AD through another machine"
• In reply to: Steven L Umbach: "Re: Stand alone Win2003 Standard w/ AD... how to allow users to login?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: logon from the server machine ! ... >The default Domain Controller policy in Windows Server ... >Security Policy setting. ... Allow Local Logon ... (microsoft.public.windows.server.general) Re: Why allow log on locally" is not configured by default?? ... To logon locally you would have to be sitting in front of the console or use ... There are two policy under admin tools -> domain controller security ... Domain Controller policy impacts ALL dc's in your network. ... asking it if it is ok that this user log onto this workstation, ... (microsoft.public.windows.server.active_directory) Re: Unable to use Remote desktop ... When trying to connect to a W2K domain controller running Terminal ... Services with Application Server mode for user access, you as a TS user may ... receive "The local policy of this system does not permit you to logon ... (microsoft.public.windowsxp.network_web) Re: Domain ... Domain Controller Security Policy has all user rights assignments ... Configuring ipsec policy at the domain level ... (microsoft.public.win2000.group_policy) Re: Win2000 Terminal Server Logons not permitted ... > Is the terminal server also a Domain Controller? ... When we try to logon ... >>>> We have changed permissions in Domain Security Policy, ... (microsoft.public.win2000.group_policy)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)