Sign in with
Sign up | Sign in
Your question

Need to reboot Win2K to logon locally?

Tags:
  • Domain
  • Active Directory
  • Servers
  • Windows
Last response: in Windows 2000/NT
Share
Anonymous
March 23, 2005 7:04:21 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

I want domain users to be able to logon at the server in the machine
room, so I changed the default GP for the domain to enable local logons.
After making this change and logging out, domain user accounts are
still unable to logon (they receive the "group policy does not allow..."
message).

Shouldn't this take effect right away?

I had to do something silly like give individual users membership in the
print operators security group so they could logon at the server.

More about : reboot win2k logon locally

Anonymous
March 23, 2005 7:04:22 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

"Pat Coghlan" <info@coghlan.ca> wrote in message
news:p Rk0e.8089$JK1.560075@news20.bellglobal.com...
> I want domain users to be able to logon at the server in the machine
> room, so I changed the default GP for the domain to enable local logons.

First let me say: Ugh!

Then to your issue

Is this a "server" or more specifically a DC?

Doesn't the Default (or other) Domain Controller policy
override that setting?

> After making this change and logging out, domain user accounts are
> still unable to logon (they receive the "group policy does not allow..."
> message).

Is there one DC or did you make sure this replicated
to every other DC of the domain (which might be
authenticating the computer and providing the GPO)?

Did you EITHER reboot, wait for automatic policy
update (periodically), or refresh the policy manually
with something like SecEdit or GPUpdate (in XP-Win2003)?

> Shouldn't this take effect right away?

After replication AND (update OR reboot.)

Unless overriddden by a later (more specific) policy.


> I had to do something silly like give individual users membership in the
> print operators security group so they could logon at the server.
Anonymous
March 24, 2005 11:53:10 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

As stated in my other post, I wonder if this is the right policy to be
changing to allow domain logons at the DC (vs local logons).

Herb Martin wrote:

> "Pat Coghlan" <info@coghlan.ca> wrote in message
> news:p Rk0e.8089$JK1.560075@news20.bellglobal.com...
>
>>I want domain users to be able to logon at the server in the machine
>>room, so I changed the default GP for the domain to enable local logons.
>
>
> First let me say: Ugh!
>
> Then to your issue
>
> Is this a "server" or more specifically a DC?
>
> Doesn't the Default (or other) Domain Controller policy
> override that setting?
>
>
>> After making this change and logging out, domain user accounts are
>>still unable to logon (they receive the "group policy does not allow..."
>>message).
>
>
> Is there one DC or did you make sure this replicated
> to every other DC of the domain (which might be
> authenticating the computer and providing the GPO)?
>
> Did you EITHER reboot, wait for automatic policy
> update (periodically), or refresh the policy manually
> with something like SecEdit or GPUpdate (in XP-Win2003)?
>
>
>>Shouldn't this take effect right away?
>
>
> After replication AND (update OR reboot.)
>
> Unless overriddden by a later (more specific) policy.
>
>
>
>>I had to do something silly like give individual users membership in the
>>print operators security group so they could logon at the server.
>
>
>
!