Re: Locked out of Win2k Server

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 02/12/05


Date: Sat, 12 Feb 2005 13:55:08 -0600

I don't think I indicated that he could not logon to any computer in the
domain?? I asked if he could as the post was confusing. I admit I could have
said "Logon to a domain controller". --- Steve

******************************
Can you logon to a domain controller?? [My first line]
******************************
 can you logon to any computer in the domain??
************************************

"Roger Abell" <mvpNOSpam@asu.edu> wrote in message
news:%23c6xIFOEFHA.1040@TK2MSFTNGP09.phx.gbl...
> I have read all of your posts - twice
> and I am still unclear why everyone seems to think
> you are saying that you cannot log into any machine
> in the domain. I can see how what you have said
> could be interpreted that way, but I can also see
> how you may be speaking only about logging into
> just that one member - which is the case?
>
> That you cannot log into the member server with either
> a domain or machine local account can be simply
> reversed by checking a few policies in whatever GPOs
> might have the member in their scope of application.
> Check especially, both in the computer settings tree of
> policies, 1) the User Right to Log on locally, and Deny
> local logon, and 2) the membership of any Restricted
> groups (if you have defined these) that might be used
> in the two User Right policies just mentioned.
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> "[-=Dan=-]" <getbent@ease.com> wrote in message
> news:373rt9F57bv0pU1@individual.net...
>> Hi all,
>>
>> I have a Windows 2000 server as a member server of a Windows 2000 AD Domain.
>> I've been messing with policies of an OU on the domain controller, trying to
>> lock down a desktop. Now, I can't logon to my member server, either through
>> TS or at the console, I get 'The local policy of this system does not permit
>> you to logon interactively'. I can't logon to the local machine, even using
>> the Administrator account. And I can't logon to the domain, again using the
>> Administrator account.
>>
>> I'm well and truly knobbed off.
>>
>> Does anyone have any ideas before I rebuild this server?
>>
>> TIA
>>
>> Dan
>>
>>
>
>
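
Added example (not part of the thread or of any poster's reply): a Python sketch of the check Roger Abell describes, run over the text of a security template such as a GPO's GptTmpl.inf or a `secedit /export` file. The sample template, the function names and the list of principals treated as broad are assumptions made for this illustration.

```python
# Added example: audit a security template for interactive-logon lockout.
# SIDs below are well-known Windows SIDs; SAMPLE is constructed for illustration.
ADMINS = "S-1-5-32-544"
BROAD = {ADMINS: "Administrators", "S-1-1-0": "Everyone",
         "S-1-5-11": "Authenticated Users", "S-1-5-32-545": "Users"}

SAMPLE = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-551
SeDenyInteractiveLogonRight = *S-1-5-11,*S-1-5-32-546
[Group Membership]
*S-1-5-32-551__Members =
"""

def parse_inf(text):
    """Return {section: {key: [values]}}; names lower-cased, '*' SID prefix dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif current is not None and "=" in line:
            key, _, val = line.partition("=")
            current[key.strip().lstrip("*").lower()] = [
                v.strip().lstrip("*") for v in val.split(",") if v.strip()]
    return sections

def audit_logon_rights(text):
    """List settings that can produce the 'does not permit ... interactively' error."""
    inf = parse_inf(text)
    rights = inf.get("privilege rights", {})
    restricted = inf.get("group membership", {})
    allow = rights.get("seinteractivelogonright")   # None = not defined in this template
    findings = []
    if allow is not None and ADMINS not in allow:
        findings.append("Log on locally is defined without Administrators")
    for sid in rights.get("sedenyinteractivelogonright", []):
        if sid in BROAD:                            # deny overrides allow
            findings.append(f"Deny logon locally includes {BROAD[sid]}")
    for sid in allow or []:
        if restricted.get(sid.lower() + "__members") == []:
            findings.append(f"Restricted Groups leaves {sid} with no members")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_logon_rights(SAMPLE)))
```

Account names written without the `*` SID prefix are passed through unresolved, so a template that lists groups by name needs those names mapped to SIDs first.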


