Re: Really no answer?

From: VM (vm@not.a.valid.address)
Date: 06/24/02


From: "VM" <vm@not.a.valid.address>
Date: Mon, 24 Jun 2002 10:05:44 -0700


Sometimes helps if you clear the security log. If that works, also change
its setting to "overwrite events as necessary".
HTH

"Roger Abell [MVP]" <mvpNOSPAM@asu.edu> wrote in message
news:#bHq$tWGCHA.1744@tkmsftngp13...
> Reid,
>
> If you have done this repeatedly, have you noticed at which
> point your issue surfaces, assuming you tighten a little, test,
> a little more, test, etc.
> The incremental application of the sec and hi sec templates
> should not be causing you an issue with local login as a user
> account to a workgroup model system. So, it must be in some
> other setting you are making.
> Do you have a link for the Cox whitepaper which you mention?
>
> BTW - from other thread: use of the Setup Security.inf or the
> defltwks.inf will not revert a system because many settings are
> left "not defined" in these, so reapplying these will leave whatever
> settings have been made for those just as they were.
>
> If it makes you feel any better, I currently have a mystery system
> I am working with that does not, but appears like it should, allow
> Users members that are not Administrators members local login.
> There is no message given, just a return to the login screen.
> There is no event log message written whether for successful or
> for failed login. It is not a permissions on the profile area issue.
>
> --
> Roger Abell
> MS MVP (Windows Platform), MCSE, MCDBA
> Associate Expert - Windows XP ExpertZone
> http://www.microsoft.com/windowsxp/expertzone
>
> <drunkardswalk@earthlink.net> wrote in message
> news:7f16hu4soglkhtl9br5a5ii3gqj05ed8al@4ax.com...
> > I'm reposting this question with a less specific subject line in the
> > hope that someone will bother to answer it. Original text follows.
> > One addition: the logon error message I get is "Your account is
> > configured to prevent you from logging on at this station."
> >
> > ----------------------------------------------------------------------
> >
> > Does anyone have any idea what's going on with the following? I
> > install XP Pro as a standalone workgroup, create several accounts of
> > various types, and everything works fine. After applying, in order,
> > the securews.inf and hisecws.inf, and juicing a few security settings
> > (a couple of sources for that, but Cox' whitepaper the most obvious),
> > the system refuses to allow anyone but a member of the admin group to
> > log on.
> >
> > Since it isn't limited to merely the 500 builtin account, I'd think
> > it's a rights issue, but I haven't been able to pin it down. Everyone
> > has Traversal Bypass and Local Logon rights, so it's not that.
> >
> > I do shut down a number of services, but it makes no difference if I
> > re-enable *all* services.
> >
> > I do run most of the settings in Local Policies/Security Options as
> > tight as they can be, but I'm not entirely clear on what a few of them
> > are, since MS' docs aren't very forthcoming (I've read the Platform
> > SDK security docs thoroughly, as well as the ResKit registry docs and
> > a couple of books, and still don't know). I've tried backing these
> > off, and installing the SetupSecurity.inf template, but the problem
> > remains. I was using the Group Policy console, as well, and setting
> > GP to not load had no effect either.
> >
> > I've been able to replicate this several times on different machines,
> > and it's very annoying. Just as I get the security settings tweaked
> > up to something almost reasonable, the user accounts die.
> >
> > Any help will be greatly appreciated (and little short of miraculous,
> > IMHO <g>).
> >
> > Reid Sweatman
> > Software Engineer
>
>
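
The check suggested at the top of this message (clear the Security log, then set it to "overwrite events as necessary"), written as an added example for current Windows systems with Windows PowerShell 5.1; it is not part of the original thread. The backup path is a hypothetical choice, and reading the `CrashOnAuditFail` value is an assumption about why a full Security log would block non-administrator logons, since the thread does not name that setting.

```powershell
# Added example (not from the thread). Run elevated in Windows PowerShell 5.1.
# $BackupPath is a hypothetical location chosen for this sketch.
param(
    [string]$BackupPath = "$env:SystemDrive\LogBackup\Security-$(Get-Date -Format yyyyMMdd-HHmmss).evtx",
    [switch]$Remediate
)

# Current state of the Security log: retention mode, size, and whether it is full.
$log = Get-WinEvent -ListLog Security

# Assumption: the "shut down if unable to log security audits" setting is involved.
# 0 = off, 1 = armed, 2 = tripped (only administrators can log on).
$lsa   = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$crash = $lsa.CrashOnAuditFail

[pscustomobject]@{
    LogMode          = $log.LogMode            # Circular = overwrite as needed
    IsLogFull        = $log.IsLogFull
    SizeKB           = [math]::Round($log.FileSize / 1KB)
    MaxSizeKB        = [math]::Round($log.MaximumSizeInBytes / 1KB)
    CrashOnAuditFail = $crash
} | Format-List

if ($log.LogMode -ne 'Circular') {
    Write-Warning "Security log does not overwrite old events (mode: $($log.LogMode))."
}
if ($log.IsLogFull) {
    Write-Warning 'Security log is full; new audit events cannot be written.'
}
if ($crash -eq 2) {
    Write-Warning 'CrashOnAuditFail = 2: logon is limited to administrators until it is reset.'
}

if ($Remediate) {
    # Export first so the audit history survives the clear.
    New-Item -ItemType Directory -Path (Split-Path $BackupPath) -Force | Out-Null
    wevtutil.exe epl Security $BackupPath
    if ($LASTEXITCODE -ne 0) { throw 'Export failed; Security log was not cleared.' }

    Clear-EventLog -LogName Security
    # Equivalent of "overwrite events as necessary" in the log properties dialog.
    Limit-EventLog -LogName Security -OverflowAction OverwriteAsNeeded
}
```

Without `-Remediate` the script only reports; with it, the log is exported, cleared and switched to overwrite-as-needed, and `CrashOnAuditFail` is left untouched.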


