Re: Local Policy Database - failed to save

From: Roger Abell (mvpNOSPAM@asu.edu)
Date: 06/02/02 

From: "Roger Abell" <mvpNOSPAM@asu.edu>
Date: Sun, 2 Jun 2002 09:20:12 -0700

Last part first.

When you removed the machine from the domain, you only
changed things on the machine. The domain admin needs to
remove the machine on the domain side for it to no longer be
defined in AD. But, this should not be causing you problems,
as your machine will just be telling the domain "no way, I do
not recognize you" if the domain did try anything (but in fact
it will not as most behavior is pull-triggered by domain
members, not pushed by domain control).

It sound as though what you are trying, in order to add accounts
to have the Local login right is essentially correct. One step
though was described as
> In locations, I am able to select the local machine or the
> workgroup - the domain doesn't show up. I select the
> workgroup...Next, the users in the workgroup pop up - it
here you should be selecting the local machine.

A standalone machine can only deal with accounts that are
defined on the machine itself. Now, if you do select workgroup
you intimately should be only able to select local accounts ( I can
not even get that far on a purely stand alone that has never joined
a domain). Evidently something is different for you.

If you select the machine at this point then you can save the changes?

Workgroup is really only a logical concept for grouping machines
together in the network browser. It has no real force of security
sharing, etc.. XP browser behavior has changed from earlier
versions, with the workgroup one is in being the limit of what is
automatically visible in the network browser. 

--
Roger Abell
MVP (Windows Platform)  Associate Expert
The Expert Zone - www.microsoft.com/windowsxp/expertzone
"Ron" <muellerr64@hotmail.com> wrote in message
news:92e301c20971$b61a5a50$9ee62ecf@tkmsftngxa05...
> The machine was in the domain, I removed it and had it
> join a workgroup only.
>
> The account is not a domain account, local to the machine
> I'm trying to add users to the local policies/user rights
> assignments/access this machine from the network.
>
> In locations, I am able to select the local machine or the
> workgroup - the domain doesnt show up.  I select the
> workgroup...Next, the users in the workgroup pop up - it
> finds them all...  I select the users I am interested in
> having access the machine.  Click ok - and the error pops
> up.
>
> Even though I removed the machine (locally) from the
> domain to join the workgroup, the Domain controller (W2k
> Enterprise) still has a machine account in the directory.
> As well an account exists in the directory, but it is the
> domain account not the XP workgroup account (same name
> though).  Does that have anything to do with it?
>
> >-----Original Message-----
> >Is this XP joined into the domain ?
> >What settings are you trying to modify in the local policy
> >when it fails to save the changes ?
> >
> >Accounts from other than the local machine can only be
> >used to set permissions on the local machine if they are
> >domain accounts from the domain the machine is joined to
> >(of from a domain trusted by it).  A rule of thumb is
> that if
> >you cannot select an account by navigation in the UI then
> >you cannot use the account to control security.
> >
> >--
> >Roger Abell
> >MVP (Windows Platform)  Associate Expert
> >The Expert Zone - www.microsoft.com/windowsxp/expertzone
> >
> >"ron" <muellerr64@hotmail.com> wrote in message
> >news:8d8f01c20861$b1791e70$37ef2ecf@TKMSFTNGXA13...
> >> I cannot see shared printers on other XP machines in a
> >> workgroup...nore can I see shares on any XP machine.
> >>
> >> Tried to change access this computer from the network in
> >> local policy...I can add the workgroup users, as soon as
> >> I hit ok or apply - I get the error 'failed to save
> local
> >> policy database'
> >>
> >> There is a domain controller in the network, W2k...does
> >> it have anything to do with this?  Active directory on
> >> the DC knows about the other XP computers...which have
> no
> >> trouble accessing the DC.
> >
> >
> >.
> >

Relevant Pages

  • Re: help understanding authentication on workgroups
    ... network client services on and print/file sharing on), ... workgroup authentication is said to be ... the password for that guest account on that computer, I get access to that PC ... The browser provides visibility. ...
    (microsoft.public.windowsxp.network_web)
  • Re: help understanding authentication on workgroups
    ... network client services on and print/file sharing on), ... workgroup authentication is said to be ... the password for that guest account on that computer, I get access to that PC ... The browser provides visibility. ...
    (microsoft.public.windowsxp.network_web)
  • Re: help understanding authentication on workgroups
    ... shared files on the PCs in my workgroup, I don't have any shared files there ... network client services on and print/file sharing on), ... the password for that guest account on that computer, I get access to that PC ... The browser provides visibility. ...
    (microsoft.public.windowsxp.network_web)
  • RE: xp home -> xp home
    ... > After installation of xp home, the network became a one way thing only. ... > no account login ever asked for, no account on machine b of any shape or sort ... > see itself in the workgroup list of computers let alone access machine a. ... > access permissions. ...
    (microsoft.public.windowsxp.network_web)
  • Re: help understanding authentication on workgroups
    ... network client services on and print/file sharing on), ... workgroup authentication is said to be ... the password for that guest account on that computer, I get access to that PC ... The browser provides visibility. ...
    (microsoft.public.windowsxp.network_web)