Re: Login Interactively

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 06/27/05


Date: Mon, 27 Jun 2005 11:24:52 -0500

As Roger suggested you need to verify that dcdiag/netdiag shows that all
domain controllers are working well. Does gpotool show that all is fine with
Group Policies/sysvol?? The domain computers could be obtaining their Group
Policy settings from any domain controller and you can use the support tool
gpresult to see exactly what domain controller a domain computer is using
and the last time Group policy was applied for user and computer. What
errors are you still getting?? If the problem is still no interactive logon
what I would do is to configure the Group Policy that is closest to the
computers [either domain or OU where the computer accounts are located if
they are in an OU] so that the user right for logon locally includes
authenticated users and administrators and configure deny logon locally to
include only guest. Then reboot the problem domain computers to see if you
can logon. --- Steve

"David" <dplotts@nospamaesarchitech.com> wrote in message
news:OxVlxpxeFHA.1328@TK2MSFTNGP12.phx.gbl...
>I did have a problem with the backup domain controller replicating (FRS)
>correctly. I had to enable Journal Wrap Automatic restore for it to work
>again.
>
> As of Friday afternoon replication was working again, but I am still
> getting the error on clients. dcdiag passes fully on the primary domain
> controller. netdiag does as well except for the Kerberos test which failed
> with the error "Kerberos does not have a ticket for
> host/server.domainname"
>
>
> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> news:OiJwahHeFHA.2420@TK2MSFTNGP15.phx.gbl...
>> Roger's advice as usual is right on. I just want to add that from your
>> description you seem to have inconsistent application of Group Policy and
>> that it seems that at the domain/OU level you configured the user rights
>> for logon locally and/or deny logon locally incorrectly. Keep in mind
>> that deny user right will override an allow user right. I would also
>> suggest that you make sure that your dns is correctly configured for the
>> domain as per the first link below. Use the support tools netdiag,
>> dcdiag, and gpotool on your domain controller and the support tools
>> netdiag and gpresult on your domain member computers to check for proper
>> network connectivity, dns name resolution, domain membership/secure
>> channel, and replication for domain controllers. --- Steve
>>
>> http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B291382
>>
>> "David" <dplotts@nospamaesarchitech.com> wrote in message
>> news:eXqAt4%23dFHA.2752@TK2MSFTNGP10.phx.gbl...
>>> We're running a domain with a Windows 2003 server as the pdc and a
>>> Windows 2000 server as the sdc. All of the clients are XP Pro or 2000.
>>>
>>> I just enabled group policy so that all of the machines would get
>>> automatic updates.
>>>
>>> Now when the majority of the users try to login they get "'The local
>>> policy of this system does not permit you to logon interactively"
>>>
>>> If I reboot sometimes it will let them login. Other times logging in as
>>> administrator then trying to login as them works.
>>>
>>> Some users have no problem logging in.
>>>
>>> Is there some setting somewhere that configures this?
>>>
>>> I've already given everyone local login rights through the Domain
>>> Controller Security Policy, but still get the error.
>>>
>>> Thanks
>>>
>>
>>
>
>
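
The rule discussed in this thread (a "deny logon locally" entry overrides any "logon locally" grant), as an added example that is not part of the original posts: it parses the [Privilege Rights] section of a security template such as the file written by `secedit /export /areas USER_RIGHTS /cfg`, then evaluates a user's group SIDs against it. The two templates and the user token are constructed for illustration, bare account names are compared literally, and a right missing from the file is treated as granted to no one.

```python
import re

# Well-known SIDs (fixed by Windows); the templates and token below are constructed.
AUTH_USERS, USERS, EVERYONE = "S-1-5-11", "S-1-5-32-545", "S-1-1-0"
BROAD = {AUTH_USERS, USERS, EVERYONE}

def privilege_rights(inf_text):
    """Return {right: set(principals)} from the [Privilege Rights] section."""
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).lower()
        elif section == "privilege rights" and "=" in line:
            name, _, value = line.partition("=")
            # SIDs are written with a leading '*'; account names are bare.
            rights[name.strip()] = {v.strip().lstrip("*")
                                    for v in value.split(",") if v.strip()}
    return rights

def can_logon_locally(rights, token):
    """Apply the rule from the thread: a matching deny beats any allow."""
    allow = rights.get("SeInteractiveLogonRight", set())
    deny = rights.get("SeDenyInteractiveLogonRight", set())
    if token & deny:
        return False, "denied by " + ", ".join(sorted(token & deny))
    if token & allow:
        return True, "allowed by " + ", ".join(sorted(token & allow))
    return False, "not granted logon locally"

def broad_denies(rights):
    """Deny entries that match ordinary domain users as well as guests."""
    return sorted(rights.get("SeDenyInteractiveLogonRight", set()) & BROAD)

# Constructed templates: one misconfigured, one matching the advice in the thread.
BROKEN = """[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-11
SeDenyInteractiveLogonRight = Guest,*S-1-5-32-545
"""
FIXED = BROKEN.replace(",*S-1-5-32-545", "")
USER_TOKEN = {EVERYONE, AUTH_USERS, USERS}  # ordinary domain user (constructed)

if __name__ == "__main__":
    for text in (BROKEN, FIXED):
        r = privilege_rights(text)
        print(can_logon_locally(r, USER_TOKEN), broad_denies(r))
```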


