ADMIN account issue

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hi,

I have a critical issue which I haven't been able to resolve. Perhaps
someone out there can help.

We have a Windows 2000 network with several servers and over 200 computers.
Changes to our AD structures goes through me before anything is done, so I
know what changes are made to our system infrastructure. Most of the time we
manage our server systems through the a Remote Desktop session using
Terminal Services in Administrative mode NOT Application mode. Just recently
when trying to RDP to any of the DC servers I get a message that says:
UNABLE TO LOGIN INTERACTIVELY. I checked my server event logs and there's
nothing that indicates changes to the administrator account. I looked in the
MS knowledge base but all the article I've found have not been very helpful.
Our Veritas backup has started failing since this message started coming up.

Does any one have a clue as to what might've cause this to change? Any ideas
comment is greatly appreciated by me and my organization.

Louis-

 

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Have you tried rebooting that server. Though I cant remember it, there is a command you can run at the DOS level that will make that happen to stop other from loggin in while you are trying to update or whatever, but it goes away after you reboot the server.

 

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

I don't know how it changed unless a security template or such has been implemented
but the problem probably is related to the user right for logon locally and deny
logon locally at the Domain Controller Security Policy or GPO created at the GPO
level. Check Local Security Policy on a domain controller for the effective settings
for those two user rights and if the user or a group that the user belongs to is
listed in the deny logon locally user right, that will override the user right to
logon locally. I would also enable auditing of policy change in Domain Controller
Security Policy which in the future may show you when and who changed a security
policy. -- Steve


"lt" <l@seedco.org> wrote in message news:ee4gNQjdEHA.4092@TK2MSFTNGP10.phx.gbl...
> Hi,
>
> I have a critical issue which I haven't been able to resolve. Perhaps
> someone out there can help.
>
> We have a Windows 2000 network with several servers and over 200 computers.
> Changes to our AD structures goes through me before anything is done, so I
> know what changes are made to our system infrastructure. Most of the time we
> manage our server systems through the a Remote Desktop session using
> Terminal Services in Administrative mode NOT Application mode. Just recently
> when trying to RDP to any of the DC servers I get a message that says:
> UNABLE TO LOGIN INTERACTIVELY. I checked my server event logs and there's
> nothing that indicates changes to the administrator account. I looked in the
> MS knowledge base but all the article I've found have not been very helpful.
> Our Veritas backup has started failing since this message started coming up.
>
> Does any one have a clue as to what might've cause this to change? Any ideas
> comment is greatly appreciated by me and my organization.
>
> Louis-
>
>