Re: Login Interactively
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 06/27/05
- Next message: Roger Abell: "Re: Group Policy????"
- Previous message: juannorton_at_gmail.com: "new user with different privileges"
- In reply to: David: "Re: Login Interactively"
- Next in thread: Steven L Umbach: "Re: Login Interactively"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 27 Jun 2005 07:40:22 -0700
And did you get any further failures to follow up on when you
ran these tools on the other DCs ? The test are relative to the
DC (or client) on which they are run.
-- Roger Abell Microsoft MVP (Windows Security) "David" <dplotts@nospamaesarchitech.com> wrote in message news:OxVlxpxeFHA.1328@TK2MSFTNGP12.phx.gbl... > I did have a problem with the backup domain controler replicating (FRS) > correctly. I had to enable Journal Wrap Automatic restore for it to work > again. > > As of Friday afternoon replication was working again, but I am still getting > the error on clients. dcdiag passes fully on the primary domain controler. > netdiag does as well except for the Kerberos test which failed with the > error "Kerberos does not have a ticket for host/server.domainname" > > > "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message > news:OiJwahHeFHA.2420@TK2MSFTNGP15.phx.gbl... > > Roger's advice as usual is right on. I just want to add that from your > > description you seem to have inconsistent application of Group Policy and > > that it seems that at the domain/OU level you configured the user rights > > for logon locally and/or deny logon locally incorrectly. Keep in mind that > > deny user right will override an allow user right. I would also suggest > > that you make sure that your dns is correctly configured for the domain as > > per the first link below. Use the support tools netdiag, dcdiag, and > > gpotool on your domain controller and the support tools netdiag and > > gpresult on your domain member computers to check for proper network > > connectivity, dns name resolution, domain membership/secure channel, and > > replication for domain controllers. --- Steve > > > > http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B291382 > > > > "David" <dplotts@nospamaesarchitech.com> wrote in message > > news:eXqAt4%23dFHA.2752@TK2MSFTNGP10.phx.gbl... > >> We're running a domain with a Windows 2003 server as the pdc and a > >> Windows 2000 server as the sdc. All of the clients are XP Pro or 2000. > >> > >> I just enabled group policy so that all of the machines would get > >> automatic updates. > >> > >> Now when the majority of the users try to login they get "'The local > >> policy of this system does not permit you to logon interactively" > >> > >> If I reboot sometimes it will let them login. Other times logging in as > >> administrator then trying to login as them works. > >> > >> Some users have no problem logging in. > >> > >> Is there some setting somewhere that configures this? > >> > >> I've already given everyone local login rights through the Domain > >> Controller Security Policy, but still get the error. > >> > >> Thanks > >> > > > > > >
- Next message: Roger Abell: "Re: Group Policy????"
- Previous message: juannorton_at_gmail.com: "new user with different privileges"
- In reply to: David: "Re: Login Interactively"
- Next in thread: Steven L Umbach: "Re: Login Interactively"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
