Re: Locked out of Win2k Server

From: [-=Dan=-] (getbent_at_ease.com)
Date: 02/14/05 

Date: Mon, 14 Feb 2005 11:32:47 -0000

"Roger Abell" <mvpNOSpam@asu.edu> wrote in message
news:%23c6xIFOEFHA.1040@TK2MSFTNGP09.phx.gbl...
>I have read all of your posts - twice
> and I am still unclear why everyone seems to think
> you are saying that you cannot log into any machine
> in the domain. I can see how what you have said
> could be interpreted as that way, but I can also see
> how you may be speaking only about logging into
> just that one member - which is the case?
>
> That you cannot log into the member server with either
> a domain or machine local account can be simply
> reversed by checking a few policies in whatever GPOs
> might have the member in their scope of application.
> Check especially, both in the computer settings tree of
> policies, 1) the User Right to Log on locally, and Deny
> local logon, and 2) the membership of any Restricted
> groups (if you have defined these) that might be used
> in the two User Right polices just mentioned.
>
Hi Roger,

sorry for the confusion. My problem is that I can not logon onto the member
server with a domain or local account. I rebuilt the member server and it
was great, working fine, until I joined it to the domain. Ever since then, I
cannot logon to it locally *or* log into the domain from it. I've ran
dcpromo on the server to remove AD, and just reinstalled AD, hopefully to
get rid of any policies. Of course now, I still cannot logon to the member
machine. So now, I will rebuild said member server *again*.

This will hopefull fix the problem, but what I don't understand is how this
has happened. I'm 99% sure that I didn't apply *any* of the 'Computer
configuration' settings in the policy, only the 'User configuration' ones.

Thanks all for your help

Dan

Relevant Pages

  • Re: Locked out of Win2k Server
    ... > I don't think I indicated that he could not logon to any computer in the ... >> That you cannot log into the member server with either ... >> policies, 1) the User Right to Log on locally, and Deny ... >>> the Administrator account. ...
    (microsoft.public.windows.server.security)
  • Re: Locked out of Win2k Server
    ... The reply was to Don's first post trying to clarify this point. ... > I don't think I indicated that he could not logon to any computer in the ... >> That you cannot log into the member server with either ... >> policies, 1) the User Right to Log on locally, and Deny ...
    (microsoft.public.windows.server.security)
  • Re: Add domain usergroup to local admin group problem
    ... can you try to remove that member server from the domain and re-add it again? ... administrators group it does not list the AD group I added. ... > member of the local Administrators group of the member server. ...
    (microsoft.public.windows.server.active_directory)
  • RE: Basic question/confirmation - Another basic question.
    ... all I need to do now is bring in a W2k3 member server, promote it to a DC, ... > As for the not-in-place upgrade, I need to extract the steps more clearly. ... > Operation Master DC of each domain in the forest being upgraded. ...
    (microsoft.public.windows.server.migration)
  • Re: SBS2k3 looses DNS when it gets rebooted
    ... Now that the member server is back up and running and is once ... each time to verify that the member server is a secondary DNS and it is. ... For a temporary fix I have installed secondary DNS on a web server running ...
    (microsoft.public.windows.server.sbs)