HELP!!! Unable to logon to Server 2000

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Some changes were made to group policy several days ago
and something musta got screwed up because I cannot log
back in now that I have logged out. I get the following
message after the failed login: "the local policy of this
system does not permit you to logon interactively"
Is there anything that I can do?
13 answers Last reply
More about help unable logon server 2000
  1. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Restart the computer into DS restore mode. Try to change local GPO, or try
    to change it from another computer.

    --
    Regards
    Christoffer Andersson
    Microsoft MVP - Directory Services

    No email replies please - reply in the newsgroup
    ------------------------------------------------
    http://www.chrisse.se - Active Directory Tips

    "Dave W" <anonymous@discussions.microsoft.com> skrev i meddelandet
    news:2f7e01c4a4bc$03ecbd30$a301280a@phx.gbl...
    > Some changes were made to group policy several days ago
    > and something musta got screwed up because I cannot log
    > back in now that I have logged out. I get the following
    > message after the failed login: "the local policy of this
    > system does not permit you to logon interactively"
    > Is there anything that I can do?
  2. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Go here
    http://www.joeware.net/win32/index.html
    download the SeInteractiveLogonRight from the win32 c++ tools page have a
    read then run it and your good to go

    rgds
    Steve


    "Chriss3 [MVP]" <noSpamHere@chrisse.se> wrote in message
    news:OjRUVVMpEHA.744@TK2MSFTNGP10.phx.gbl...
    > Restart the computer into DS restore mode. Try to change local GPO, or try
    > to change it from another computer.
    >
    > --
    > Regards
    > Christoffer Andersson
    > Microsoft MVP - Directory Services
    >
    > No email replies please - reply in the newsgroup
    > ------------------------------------------------
    > http://www.chrisse.se - Active Directory Tips
    >
    > "Dave W" <anonymous@discussions.microsoft.com> skrev i meddelandet
    > news:2f7e01c4a4bc$03ecbd30$a301280a@phx.gbl...
    > > Some changes were made to group policy several days ago
    > > and something musta got screwed up because I cannot log
    > > back in now that I have logged out. I get the following
    > > message after the failed login: "the local policy of this
    > > system does not permit you to logon interactively"
    > > Is there anything that I can do?
    >
    >
  3. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Thanks, but how do I "use" it? It's a little exe that
    apparently must be run in a windows environment. If I
    can't logon, how do I do that?

    Dave
    >-----Original Message-----
    >Go here
    >http://www.joeware.net/win32/index.html
    >download the SeInteractiveLogonRight from the win32 c++
    tools page have a
    >read then run it and your good to go
    >
    >rgds
    >Steve
    >
    >
    >
    >"Chriss3 [MVP]" <noSpamHere@chrisse.se> wrote in message
    >news:OjRUVVMpEHA.744@TK2MSFTNGP10.phx.gbl...
    >> Restart the computer into DS restore mode. Try to
    change local GPO, or try
    >> to change it from another computer.
    >>
    >> --
    >> Regards
    >> Christoffer Andersson
    >> Microsoft MVP - Directory Services
    >>
    >> No email replies please - reply in the newsgroup
    >> ------------------------------------------------
    >> http://www.chrisse.se - Active Directory Tips
    >>
    >> "Dave W" <anonymous@discussions.microsoft.com> skrev i
    meddelandet
    >> news:2f7e01c4a4bc$03ecbd30$a301280a@phx.gbl...
    >> > Some changes were made to group policy several days
    ago
    >> > and something musta got screwed up because I cannot
    log
    >> > back in now that I have logged out. I get the
    following
    >> > message after the failed login: "the local policy of
    this
    >> > system does not permit you to logon interactively"
    >> > Is there anything that I can do?
    >>
    >>
    >
    >
    >.
    >
  4. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Dave

    If your saying you cannot logon to anything in the domain that is another
    story with a whole lot of different questions attached you state Server in
    the subject but
    is this server a DC or Member server, is it the only DC, what group policy
    was changed, what changes were made to that policy
    etc etc.....

    You will have to say if this is the case and the questions will start from
    there.

    else I am assuming that your talking 1 server affected under a GPO change
    and the SeInteractiveLoginRight has been removed from some group such as
    Administrators or Everyone (quite common that's why Joe did the tool) and
    you have workstation access with network access or another server to login
    to.

    If this is the case then you just point the exe at the problem machine and
    input the details.
    (Hint Try a local admin account on a machine if the domain account cannot
    login, then run the cmd prompt using "run as" and input your domain account
    details)
    (Hint 2 is it a server in remote admin mode then try TS connection to the
    server and login that way, if you normally TS on for access then try the
    console.)

    So say server 1 is the problem in domain 1 for admin1 and he gets the error
    trying to logon
    open a command prompt on a workstation on the domain that has network access
    SeInteractiveLogonRight domain1\admin1 server1


    You can do the same with NTRights.exe as well from the resource kit except
    this has access to other settings.

    Help details from the Exe
    SeInteractiveLogonRight V00.10.00cpp joe@joeware.net September 2001

    Usage: sEINTERACTIVELOGONRIGHT <[DOMAIN\]Account> [TargetMachine]
    Will set SeInteractiveLogonRight for account on targetmachine
    Will clear SeDenyInteractiveLogonRight for account on targetmachine

    Will remove Everyone well known group from
    SeDenyInteractiveLogonRight on targetmachine

    Example: sEINTERACTIVELOGONRIGHT joehome\$jricha34 pro2


    If this is not the case then post back with some specific details on the
    situation, the lists are good but my crystal ball is on the blink at the
    moment with a hardware error ;-)

    hth
    Steve


    Code based off of MSDN Library code LSAPRIV
    "Dave W" <anonymous@discussions.microsoft.com> wrote in message
    news:395801c4a569$5f36ea00$a301280a@phx.gbl...
    > Thanks, but how do I "use" it? It's a little exe that
    > apparently must be run in a windows environment. If I
    > can't logon, how do I do that?
    >
    > Dave
    > >-----Original Message-----
    > >Go here
    > >http://www.joeware.net/win32/index.html
    > >download the SeInteractiveLogonRight from the win32 c++
    > tools page have a
    > >read then run it and your good to go
    > >
    > >rgds
    > >Steve
    > >
    > >
    > >
    > >"Chriss3 [MVP]" <noSpamHere@chrisse.se> wrote in message
    > >news:OjRUVVMpEHA.744@TK2MSFTNGP10.phx.gbl...
    > >> Restart the computer into DS restore mode. Try to
    > change local GPO, or try
    > >> to change it from another computer.
    > >>
    > >> --
    > >> Regards
    > >> Christoffer Andersson
    > >> Microsoft MVP - Directory Services
    > >>
    > >> No email replies please - reply in the newsgroup
    > >> ------------------------------------------------
    > >> http://www.chrisse.se - Active Directory Tips
    > >>
    > >> "Dave W" <anonymous@discussions.microsoft.com> skrev i
    > meddelandet
    > >> news:2f7e01c4a4bc$03ecbd30$a301280a@phx.gbl...
    > >> > Some changes were made to group policy several days
    > ago
    > >> > and something musta got screwed up because I cannot
    > log
    > >> > back in now that I have logged out. I get the
    > following
    > >> > message after the failed login: "the local policy of
    > this
    > >> > system does not permit you to logon interactively"
    > >> > Is there anything that I can do?
    > >>
    > >>
    > >
    > >
    > >.
    > >
  5. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Whew! Where to begin. The machine in question is the lone
    DC in a single AD domain. I do have another server that I
    work on that is beiing replicated to though(I think). All
    the other machines can be logged into. I have tried
    several other accounts on the DC and none of them will log
    in. I first noticed the problem over the past weekend when
    I tried to connect from home via term. serv's. The
    same "interactive logging" message. I believe the GPO that
    I screwed with was the one for the DC's as the one for the
    domain is and has been disabled for some time. I have been
    able to connect to the AD users & computers through my PC
    (server #2)and the log on locally has all the users and
    groups that I believe are necessary. The program that
    precipitated this with the GPO was a mail/spam app that
    wouldn't start it's engine so I thought that the log on
    parameters were the place to go. I have since uninstalled
    the app, which BTW was never on the DC. So are you saying
    that with the SeInteractiveLogonRight app, I just need to
    change to the directory in which it resides on a
    workstation and do a path as spelled out to the affected
    server over the network?? OK, I just tried that and it
    obviously went through it's process and returned to the
    prompt. I tried logging in to the server and still got the
    same message. I may have also changed something inside
    the control panel>administrative tools>local security
    setings on the effected server and for sure on server #2
    (where the P.O.S. application had been installed). I had
    to change the default policy from the #2 server to the
    domain from within the drop-down list box at the top of
    the window. Would changes made on a sever that is being
    replicated to, replicate back to the DC?

    I'm at my wits end on this. Any other suggestions would be
    greatly appreciated.

    Dave
    >-----Original Message-----
    >Dave
    >
    >If your saying you cannot logon to anything in the domain
    that is another
    >story with a whole lot of different questions attached
    you state Server in
    >the subject but
    >is this server a DC or Member server, is it the only DC,
    what group policy
    >was changed, what changes were made to that policy
    >etc etc.....
    >
    >You will have to say if this is the case and the
    questions will start from
    >there.
    >
    >else I am assuming that your talking 1 server affected
    under a GPO change
    >and the SeInteractiveLoginRight has been removed from
    some group such as
    >Administrators or Everyone (quite common that's why Joe
    did the tool) and
    >you have workstation access with network access or
    another server to login
    >to.
    >
    >If this is the case then you just point the exe at the
    problem machine and
    >input the details.
    >(Hint Try a local admin account on a machine if the
    domain account cannot
    >login, then run the cmd prompt using "run as" and input
    your domain account
    >details)
    >(Hint 2 is it a server in remote admin mode then try TS
    connection to the
    >server and login that way, if you normally TS on for
    access then try the
    >console.)
    >
    >So say server 1 is the problem in domain 1 for admin1 and
    he gets the error
    >trying to logon
    >open a command prompt on a workstation on the domain that
    has network access
    >SeInteractiveLogonRight domain1\admin1 server1
    >
    >
    >You can do the same with NTRights.exe as well from the
    resource kit except
    >this has access to other settings.
    >
    >Help details from the Exe
    >SeInteractiveLogonRight V00.10.00cpp joe@joeware.net
    September 2001
    >
    > Usage: sEINTERACTIVELOGONRIGHT <[DOMAIN\]Account>
    [TargetMachine]
    > Will set SeInteractiveLogonRight for account on
    targetmachine
    > Will clear SeDenyInteractiveLogonRight for
    account on targetmachine
    >
    > Will remove Everyone well known group from
    >SeDenyInteractiveLogonRight on targetmachine
    >
    > Example: sEINTERACTIVELOGONRIGHT
    joehome\$jricha34 pro2
    >
    >
    >If this is not the case then post back with some specific
    details on the
    >situation, the lists are good but my crystal ball is on
    the blink at the
    >moment with a hardware error ;-)
    >
    >hth
    >Steve
    >
    >
    >
    >Code based off of MSDN Library code LSAPRIV
    >"Dave W" <anonymous@discussions.microsoft.com> wrote in
    message
    >news:395801c4a569$5f36ea00$a301280a@phx.gbl...
    >> Thanks, but how do I "use" it? It's a little exe that
    >> apparently must be run in a windows environment. If I
    >> can't logon, how do I do that?
    >>
    >> Dave
    >> >-----Original Message-----
    >> >Go here
    >> >http://www.joeware.net/win32/index.html
    >> >download the SeInteractiveLogonRight from the win32 c++
    >> tools page have a
    >> >read then run it and your good to go
    >> >
    >> >rgds
    >> >Steve
    >> >
    >> >
    >> >
    >> >"Chriss3 [MVP]" <noSpamHere@chrisse.se> wrote in
    message
    >> >news:OjRUVVMpEHA.744@TK2MSFTNGP10.phx.gbl...
    >> >> Restart the computer into DS restore mode. Try to
    >> change local GPO, or try
    >> >> to change it from another computer.
    >> >>
    >> >> --
    >> >> Regards
    >> >> Christoffer Andersson
    >> >> Microsoft MVP - Directory Services
    >> >>
    >> >> No email replies please - reply in the newsgroup
    >> >> ------------------------------------------------
    >> >> http://www.chrisse.se - Active Directory Tips
    >> >>
    >> >> "Dave W" <anonymous@discussions.microsoft.com> skrev
    i
    >> meddelandet
    >> >> news:2f7e01c4a4bc$03ecbd30$a301280a@phx.gbl...
    >> >> > Some changes were made to group policy several days
    >> ago
    >> >> > and something musta got screwed up because I cannot
    >> log
    >> >> > back in now that I have logged out. I get the
    >> following
    >> >> > message after the failed login: "the local policy
    of
    >> this
    >> >> > system does not permit you to logon interactively"
    >> >> > Is there anything that I can do?
    >> >>
    >> >>
    >> >
    >> >
    >> >.
    >> >
    >
    >
    >.
    >
  6. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Install Adminpak on one of your Windows 2000 domain computers that you can
    logon to as a domain administrator and use it to modify the problem policy
    from that computer. My guess is that the change was made in Domain
    Controller Security Policy under security settings/local policies/user
    rights. Look at the two user rights for logon locally and deny logon
    locally. By default administrators is in the logon locally for domain
    controllers and the deny logon locally is defined but empty. If there is
    more than one GPO in the domain controller container you will need to check
    them all for those user rights. Adminpak is on the server install disk in
    the I386 folder. --- Steve

    http://support.microsoft.com/default.aspx?scid=kb;en-us;216999

    "Dave W" <anonymous@discussions.microsoft.com> wrote in message
    news:050b01c4a5b7$ed991f90$a401280a@phx.gbl...
    > Whew! Where to begin. The machine in question is the lone
    > DC in a single AD domain. I do have another server that I
    > work on that is beiing replicated to though(I think). All
    > the other machines can be logged into. I have tried
    > several other accounts on the DC and none of them will log
    > in. I first noticed the problem over the past weekend when
    > I tried to connect from home via term. serv's. The
    > same "interactive logging" message. I believe the GPO that
    > I screwed with was the one for the DC's as the one for the
    > domain is and has been disabled for some time. I have been
    > able to connect to the AD users & computers through my PC
    > (server #2)and the log on locally has all the users and
    > groups that I believe are necessary. The program that
    > precipitated this with the GPO was a mail/spam app that
    > wouldn't start it's engine so I thought that the log on
    > parameters were the place to go. I have since uninstalled
    > the app, which BTW was never on the DC. So are you saying
    > that with the SeInteractiveLogonRight app, I just need to
    > change to the directory in which it resides on a
    > workstation and do a path as spelled out to the affected
    > server over the network?? OK, I just tried that and it
    > obviously went through it's process and returned to the
    > prompt. I tried logging in to the server and still got the
    > same message. I may have also changed something inside
    > the control panel>administrative tools>local security
    > setings on the effected server and for sure on server #2
    > (where the P.O.S. application had been installed). I had
    > to change the default policy from the #2 server to the
    > domain from within the drop-down list box at the top of
    > the window. Would changes made on a sever that is being
    > replicated to, replicate back to the DC?
    >
    > I'm at my wits end on this. Any other suggestions would be
    > greatly appreciated.
    >
    > Dave
    >>-----Original Message-----
    >>Dave
    >>
    >>If your saying you cannot logon to anything in the domain
    > that is another
    >>story with a whole lot of different questions attached
    > you state Server in
    >>the subject but
    >>is this server a DC or Member server, is it the only DC,
    > what group policy
    >>was changed, what changes were made to that policy
    >>etc etc.....
    >>
    >>You will have to say if this is the case and the
    > questions will start from
    >>there.
    >>
    >>else I am assuming that your talking 1 server affected
    > under a GPO change
    >>and the SeInteractiveLoginRight has been removed from
    > some group such as
    >>Administrators or Everyone (quite common that's why Joe
    > did the tool) and
    >>you have workstation access with network access or
    > another server to login
    >>to.
    >>
    >>If this is the case then you just point the exe at the
    > problem machine and
    >>input the details.
    >>(Hint Try a local admin account on a machine if the
    > domain account cannot
    >>login, then run the cmd prompt using "run as" and input
    > your domain account
    >>details)
    >>(Hint 2 is it a server in remote admin mode then try TS
    > connection to the
    >>server and login that way, if you normally TS on for
    > access then try the
    >>console.)
    >>
    >>So say server 1 is the problem in domain 1 for admin1 and
    > he gets the error
    >>trying to logon
    >>open a command prompt on a workstation on the domain that
    > has network access
    >>SeInteractiveLogonRight domain1\admin1 server1
    >>
    >>
    >>You can do the same with NTRights.exe as well from the
    > resource kit except
    >>this has access to other settings.
    >>
    >>Help details from the Exe
    >>SeInteractiveLogonRight V00.10.00cpp joe@joeware.net
    > September 2001
    >>
    >> Usage: sEINTERACTIVELOGONRIGHT <[DOMAIN\]Account>
    > [TargetMachine]
    >> Will set SeInteractiveLogonRight for account on
    > targetmachine
    >> Will clear SeDenyInteractiveLogonRight for
    > account on targetmachine
    >>
    >> Will remove Everyone well known group from
    >>SeDenyInteractiveLogonRight on targetmachine
    >>
    >> Example: sEINTERACTIVELOGONRIGHT
    > joehome\$jricha34 pro2
    >>
    >>
    >>If this is not the case then post back with some specific
    > details on the
    >>situation, the lists are good but my crystal ball is on
    > the blink at the
    >>moment with a hardware error ;-)
    >>
    >>hth
    >>Steve
    >>
    >>
    >>
    >>Code based off of MSDN Library code LSAPRIV
    >>"Dave W" <anonymous@discussions.microsoft.com> wrote in
    > message
    >>news:395801c4a569$5f36ea00$a301280a@phx.gbl...
    >>> Thanks, but how do I "use" it? It's a little exe that
    >>> apparently must be run in a windows environment. If I
    >>> can't logon, how do I do that?
    >>>
    >>> Dave
    >>> >-----Original Message-----
    >>> >Go here
    >>> >http://www.joeware.net/win32/index.html
    >>> >download the SeInteractiveLogonRight from the win32 c++
    >>> tools page have a
    >>> >read then run it and your good to go
    >>> >
    >>> >rgds
    >>> >Steve
    >>> >
    >>> >
    >>> >
    >>> >"Chriss3 [MVP]" <noSpamHere@chrisse.se> wrote in
    > message
    >>> >news:OjRUVVMpEHA.744@TK2MSFTNGP10.phx.gbl...
    >>> >> Restart the computer into DS restore mode. Try to
    >>> change local GPO, or try
    >>> >> to change it from another computer.
    >>> >>
    >>> >> --
    >>> >> Regards
    >>> >> Christoffer Andersson
    >>> >> Microsoft MVP - Directory Services
    >>> >>
    >>> >> No email replies please - reply in the newsgroup
    >>> >> ------------------------------------------------
    >>> >> http://www.chrisse.se - Active Directory Tips
    >>> >>
    >>> >> "Dave W" <anonymous@discussions.microsoft.com> skrev
    > i
    >>> meddelandet
    >>> >> news:2f7e01c4a4bc$03ecbd30$a301280a@phx.gbl...
    >>> >> > Some changes were made to group policy several days
    >>> ago
    >>> >> > and something musta got screwed up because I cannot
    >>> log
    >>> >> > back in now that I have logged out. I get the
    >>> following
    >>> >> > message after the failed login: "the local policy
    > of
    >>> this
    >>> >> > system does not permit you to logon interactively"
    >>> >> > Is there anything that I can do?
    >>> >>
    >>> >>
    >>> >
    >>> >
    >>> >.
    >>> >
    >>
    >>
    >>.
    >>
  7. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Dave
    Other Steve here
    how are you doing on this at present ? have you managed to get to the policy
    yet?

    Your correct on the operation of the tool open the cmd prompt on the
    directory it resides and run it

    so to grant the Administrator Group the local logon right just type
    SeinteractiveLogonRight DomainName\Administrators ServerName
    this would clear the local settings in the local security policy on the
    server

    If you have changed the default domain controllers policy
    then as Steve L states use the adminpak on another machine to change that
    policy as well.

    rgds
    Steve


    "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
    news:Spn6d.274636$mD.74234@attbi_s02...
    > Install Adminpak on one of your Windows 2000 domain computers that you can
    > logon to as a domain administrator and use it to modify the problem policy
    > from that computer. My guess is that the change was made in Domain
    > Controller Security Policy under security settings/local policies/user
    > rights. Look at the two user rights for logon locally and deny logon
    > locally. By default administrators is in the logon locally for domain
    > controllers and the deny logon locally is defined but empty. If there is
    > more than one GPO in the domain controller container you will need to
    check
    > them all for those user rights. Adminpak is on the server install disk in
    > the I386 folder. --- Steve
    >
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;216999
    >
    > "Dave W" <anonymous@discussions.microsoft.com> wrote in message
    > news:050b01c4a5b7$ed991f90$a401280a@phx.gbl...
    > > Whew! Where to begin. The machine in question is the lone
    > > DC in a single AD domain. I do have another server that I
    > > work on that is beiing replicated to though(I think). All
    > > the other machines can be logged into. I have tried
    > > several other accounts on the DC and none of them will log
    > > in. I first noticed the problem over the past weekend when
    > > I tried to connect from home via term. serv's. The
    > > same "interactive logging" message. I believe the GPO that
    > > I screwed with was the one for the DC's as the one for the
    > > domain is and has been disabled for some time. I have been
    > > able to connect to the AD users & computers through my PC
    > > (server #2)and the log on locally has all the users and
    > > groups that I believe are necessary. The program that
    > > precipitated this with the GPO was a mail/spam app that
    > > wouldn't start it's engine so I thought that the log on
    > > parameters were the place to go. I have since uninstalled
    > > the app, which BTW was never on the DC. So are you saying
    > > that with the SeInteractiveLogonRight app, I just need to
    > > change to the directory in which it resides on a
    > > workstation and do a path as spelled out to the affected
    > > server over the network?? OK, I just tried that and it
    > > obviously went through it's process and returned to the
    > > prompt. I tried logging in to the server and still got the
    > > same message. I may have also changed something inside
    > > the control panel>administrative tools>local security
    > > setings on the effected server and for sure on server #2
    > > (where the P.O.S. application had been installed). I had
    > > to change the default policy from the #2 server to the
    > > domain from within the drop-down list box at the top of
    > > the window. Would changes made on a sever that is being
    > > replicated to, replicate back to the DC?
    > >
    > > I'm at my wits end on this. Any other suggestions would be
    > > greatly appreciated.
    > >
    > > Dave
    > >>-----Original Message-----
    > >>Dave
    > >>
    > >>If your saying you cannot logon to anything in the domain
    > > that is another
    > >>story with a whole lot of different questions attached
    > > you state Server in
    > >>the subject but
    > >>is this server a DC or Member server, is it the only DC,
    > > what group policy
    > >>was changed, what changes were made to that policy
    > >>etc etc.....
    > >>
    > >>You will have to say if this is the case and the
    > > questions will start from
    > >>there.
    > >>
    > >>else I am assuming that your talking 1 server affected
    > > under a GPO change
    > >>and the SeInteractiveLoginRight has been removed from
    > > some group such as
    > >>Administrators or Everyone (quite common that's why Joe
    > > did the tool) and
    > >>you have workstation access with network access or
    > > another server to login
    > >>to.
    > >>
    > >>If this is the case then you just point the exe at the
    > > problem machine and
    > >>input the details.
    > >>(Hint Try a local admin account on a machine if the
    > > domain account cannot
    > >>login, then run the cmd prompt using "run as" and input
    > > your domain account
    > >>details)
    > >>(Hint 2 is it a server in remote admin mode then try TS
    > > connection to the
    > >>server and login that way, if you normally TS on for
    > > access then try the
    > >>console.)
    > >>
    > >>So say server 1 is the problem in domain 1 for admin1 and
    > > he gets the error
    > >>trying to logon
    > >>open a command prompt on a workstation on the domain that
    > > has network access
    > >>SeInteractiveLogonRight domain1\admin1 server1
    > >>
    > >>
    > >>You can do the same with NTRights.exe as well from the
    > > resource kit except
    > >>this has access to other settings.
    > >>
    > >>Help details from the Exe
    > >>SeInteractiveLogonRight V00.10.00cpp joe@joeware.net
    > > September 2001
    > >>
    > >> Usage: sEINTERACTIVELOGONRIGHT <[DOMAIN\]Account>
    > > [TargetMachine]
    > >> Will set SeInteractiveLogonRight for account on
    > > targetmachine
    > >> Will clear SeDenyInteractiveLogonRight for
    > > account on targetmachine
    > >>
    > >> Will remove Everyone well known group from
    > >>SeDenyInteractiveLogonRight on targetmachine
    > >>
    > >> Example: sEINTERACTIVELOGONRIGHT
    > > joehome\$jricha34 pro2
    > >>
    > >>
    > >>If this is not the case then post back with some specific
    > > details on the
    > >>situation, the lists are good but my crystal ball is on
    > > the blink at the
    > >>moment with a hardware error ;-)
    > >>
    > >>hth
    > >>Steve
    > >>
    > >>
    > >>
    > >>Code based off of MSDN Library code LSAPRIV
    > >>"Dave W" <anonymous@discussions.microsoft.com> wrote in
    > > message
    > >>news:395801c4a569$5f36ea00$a301280a@phx.gbl...
    > >>> Thanks, but how do I "use" it? It's a little exe that
    > >>> apparently must be run in a windows environment. If I
    > >>> can't logon, how do I do that?
    > >>>
    > >>> Dave
    > >>> >-----Original Message-----
    > >>> >Go here
    > >>> >http://www.joeware.net/win32/index.html
    > >>> >download the SeInteractiveLogonRight from the win32 c++
    > >>> tools page have a
    > >>> >read then run it and your good to go
    > >>> >
    > >>> >rgds
    > >>> >Steve
    > >>> >
    > >>> >
    > >>> >
    > >>> >"Chriss3 [MVP]" <noSpamHere@chrisse.se> wrote in
    > > message
    > >>> >news:OjRUVVMpEHA.744@TK2MSFTNGP10.phx.gbl...
    > >>> >> Restart the computer into DS restore mode. Try to
    > >>> change local GPO, or try
    > >>> >> to change it from another computer.
    > >>> >>
    > >>> >> --
    > >>> >> Regards
    > >>> >> Christoffer Andersson
    > >>> >> Microsoft MVP - Directory Services
    > >>> >>
    > >>> >> No email replies please - reply in the newsgroup
    > >>> >> ------------------------------------------------
    > >>> >> http://www.chrisse.se - Active Directory Tips
    > >>> >>
    > >>> >> "Dave W" <anonymous@discussions.microsoft.com> skrev
    > > i
    > >>> meddelandet
    > >>> >> news:2f7e01c4a4bc$03ecbd30$a301280a@phx.gbl...
    > >>> >> > Some changes were made to group policy several days
    > >>> ago
    > >>> >> > and something musta got screwed up because I cannot
    > >>> log
    > >>> >> > back in now that I have logged out. I get the
    > >>> following
    > >>> >> > message after the failed login: "the local policy
    > > of
    > >>> this
    > >>> >> > system does not permit you to logon interactively"
    > >>> >> > Is there anything that I can do?
    > >>> >>
    > >>> >>
    > >>> >
    > >>> >
    > >>> >.
    > >>> >
    > >>
    > >>
    > >>.
    > >>
    >
    >
  8. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Still can't logon to that machine. I ran the
    SeInteractiveLogonRight app again and got an error msg
    this time. In your post you spelled out the command
    as "SeinteractiveLogonRight DomainName\Administrators
    ServerName". Is "administrators" literal, including the
    pluralization? Anyways, I do have the Administrative Tools
    on my Program Menu (on my server#2) so I am able to access
    the controls for the domain Contrioller (server#1). I have
    checked the GPO for the DC group and it is exactly as I've
    been told to set it(enable but don't specify for the "deny
    logon" and the "logon locally" has the administrator (as
    well as quite a few others in it). At the moment it's not
    a crisis, but I can see that happening at some point. Our
    Exchange server is on that server. I can access various
    file and folders through the Network Neighborhood as well.
    That includes the "sysvol" share and others. II have even
    tried disabling all of the policies .
    >-----Original Message-----
    >Dave
    >Other Steve here
    >how are you doing on this at present ? have you managed
    to get to the policy
    >yet?
    >
    >Your correct on the operation of the tool open the cmd
    prompt on the
    >directory it resides and run it
    >
    >so to grant the Administrator Group the local logon right
    just type
    >SeinteractiveLogonRight DomainName\Administrators
    ServerName
    >this would clear the local settings in the local security
    policy on the
    >server
    >
    >If you have changed the default domain controllers policy
    >then as Steve L states use the adminpak on another
    machine to change that
    >policy as well.
    >
    >rgds
    >Steve
    >
    >
    >"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net>
    wrote in message
    >news:Spn6d.274636$mD.74234@attbi_s02...
    >> Install Adminpak on one of your Windows 2000 domain
    computers that you can
    >> logon to as a domain administrator and use it to modify
    the problem policy
    >> from that computer. My guess is that the change was
    made in Domain
    >> Controller Security Policy under security
    settings/local policies/user
    >> rights. Look at the two user rights for logon locally
    and deny logon
    >> locally. By default administrators is in the logon
    locally for domain
    >> controllers and the deny logon locally is defined but
    empty. If there is
    >> more than one GPO in the domain controller container
    you will need to
    >check
    >> them all for those user rights. Adminpak is on the
    server install disk in
    >> the I386 folder. --- Steve
    >>
    >> http://support.microsoft.com/default.aspx?scid=kb;en-
    us;216999
    >>
    >> "Dave W" <anonymous@discussions.microsoft.com> wrote in
    message
    >> news:050b01c4a5b7$ed991f90$a401280a@phx.gbl...
    >> > Whew! Where to begin. The machine in question is the
    lone
    >> > DC in a single AD domain. I do have another server
    that I
    >> > work on that is beiing replicated to though(I think).
    All
    >> > the other machines can be logged into. I have tried
    >> > several other accounts on the DC and none of them
    will log
    >> > in. I first noticed the problem over the past weekend
    when
    >> > I tried to connect from home via term. serv's. The
    >> > same "interactive logging" message. I believe the GPO
    that
    >> > I screwed with was the one for the DC's as the one
    for the
    >> > domain is and has been disabled for some time. I have
    been
    >> > able to connect to the AD users & computers through
    my PC
    >> > (server #2)and the log on locally has all the users
    and
    >> > groups that I believe are necessary. The program that
    >> > precipitated this with the GPO was a mail/spam app
    that
    >> > wouldn't start it's engine so I thought that the log
    on
    >> > parameters were the place to go. I have since
    uninstalled
    >> > the app, which BTW was never on the DC. So are you
    saying
    >> > that with the SeInteractiveLogonRight app, I just
    need to
    >> > change to the directory in which it resides on a
    >> > workstation and do a path as spelled out to the
    affected
    >> > server over the network?? OK, I just tried that and it
    >> > obviously went through it's process and returned to
    the
    >> > prompt. I tried logging in to the server and still
    got the
    >> > same message. I may have also changed something
    inside
    >> > the control panel>administrative tools>local security
    >> > setings on the effected server and for sure on server
    #2
    >> > (where the P.O.S. application had been installed). I
    had
    >> > to change the default policy from the #2 server to the
    >> > domain from within the drop-down list box at the top
    of
    >> > the window. Would changes made on a sever that is
    being
    >> > replicated to, replicate back to the DC?
    >> >
    >> > I'm at my wits end on this. Any other suggestions
    would be
    >> > greatly appreciated.
    >> >
    >> > Dave
    >> >>-----Original Message-----
    >> >>Dave
    >> >>
    >> >>If your saying you cannot logon to anything in the
    domain
    >> > that is another
    >> >>story with a whole lot of different questions attached
    >> > you state Server in
    >> >>the subject but
    >> >>is this server a DC or Member server, is it the only
    DC,
    >> > what group policy
    >> >>was changed, what changes were made to that policy
    >> >>etc etc.....
    >> >>
    >> >>You will have to say if this is the case and the
    >> > questions will start from
    >> >>there.
    >> >>
    >> >>else I am assuming that your talking 1 server affected
    >> > under a GPO change
    >> >>and the SeInteractiveLoginRight has been removed from
    >> > some group such as
    >> >>Administrators or Everyone (quite common that's why
    Joe
    >> > did the tool) and
    >> >>you have workstation access with network access or
    >> > another server to login
    >> >>to.
    >> >>
    >> >>If this is the case then you just point the exe at the
    >> > problem machine and
    >> >>input the details.
    >> >>(Hint Try a local admin account on a machine if the
    >> > domain account cannot
    >> >>login, then run the cmd prompt using "run as" and
    input
    >> > your domain account
    >> >>details)
    >> >>(Hint 2 is it a server in remote admin mode then try
    TS
    >> > connection to the
    >> >>server and login that way, if you normally TS on for
    >> > access then try the
    >> >>console.)
    >> >>
    >> >>So say server 1 is the problem in domain 1 for admin1
    and
    >> > he gets the error
    >> >>trying to logon
    >> >>open a command prompt on a workstation on the domain
    that
    >> > has network access
    >> >>SeInteractiveLogonRight domain1\admin1 server1
    >> >>
    >> >>
    >> >>You can do the same with NTRights.exe as well from the
    >> > resource kit except
    >> >>this has access to other settings.
    >> >>
    >> >>Help details from the Exe
    >> >>SeInteractiveLogonRight V00.10.00cpp joe@joeware.net
    >> > September 2001
    >> >>
    >> >> Usage: sEINTERACTIVELOGONRIGHT <[DOMAIN\]
    Account>
    >> > [TargetMachine]
    >> >> Will set SeInteractiveLogonRight for account
    on
    >> > targetmachine
    >> >> Will clear SeDenyInteractiveLogonRight for
    >> > account on targetmachine
    >> >>
    >> >> Will remove Everyone well known group from
    >> >>SeDenyInteractiveLogonRight on targetmachine
    >> >>
    >> >> Example: sEINTERACTIVELOGONRIGHT
    >> > joehome\$jricha34 pro2
    >> >>
    >> >>
    >> >>If this is not the case then post back with some
    specific
    >> > details on the
    >> >>situation, the lists are good but my crystal ball is
    on
    >> > the blink at the
    >> >>moment with a hardware error ;-)
    >> >>
    >> >>hth
    >> >>Steve
    >> >>
    >> >>
    >> >>
    >> >>Code based off of MSDN Library code LSAPRIV
    >> >>"Dave W" <anonymous@discussions.microsoft.com> wrote
    in
    >> > message
    >> >>news:395801c4a569$5f36ea00$a301280a@phx.gbl...
    >> >>> Thanks, but how do I "use" it? It's a little exe
    that
    >> >>> apparently must be run in a windows environment. If
    I
    >> >>> can't logon, how do I do that?
    >> >>>
    >> >>> Dave
    >> >>> >-----Original Message-----
    >> >>> >Go here
    >> >>> >http://www.joeware.net/win32/index.html
    >> >>> >download the SeInteractiveLogonRight from the
    win32 c++
    >> >>> tools page have a
    >> >>> >read then run it and your good to go
    >> >>> >
    >> >>> >rgds
    >> >>> >Steve
    >> >>> >
    >> >>> >
    >> >>> >
    >> >>> >"Chriss3 [MVP]" <noSpamHere@chrisse.se> wrote in
    >> > message
    >> >>> >news:OjRUVVMpEHA.744@TK2MSFTNGP10.phx.gbl...
    >> >>> >> Restart the computer into DS restore mode. Try to
    >> >>> change local GPO, or try
    >> >>> >> to change it from another computer.
    >> >>> >>
    >> >>> >> --
    >> >>> >> Regards
    >> >>> >> Christoffer Andersson
    >> >>> >> Microsoft MVP - Directory Services
    >> >>> >>
    >> >>> >> No email replies please - reply in the newsgroup
    >> >>> >> ------------------------------------------------
    >> >>> >> http://www.chrisse.se - Active Directory Tips
    >> >>> >>
    >> >>> >> "Dave W" <anonymous@discussions.microsoft.com>
    skrev
    >> > i
    >> >>> meddelandet
    >> >>> >> news:2f7e01c4a4bc$03ecbd30$a301280a@phx.gbl...
    >> >>> >> > Some changes were made to group policy several
    days
    >> >>> ago
    >> >>> >> > and something musta got screwed up because I
    cannot
    >> >>> log
    >> >>> >> > back in now that I have logged out. I get the
    >> >>> following
    >> >>> >> > message after the failed login: "the local
    policy
    >> > of
    >> >>> this
    >> >>> >> > system does not permit you to logon
    interactively"
    >> >>> >> > Is there anything that I can do?
    >> >>> >>
    >> >>> >>
    >> >>> >
    >> >>> >
    >> >>> >.
    >> >>> >
    >> >>
    >> >>
    >> >>.
    >> >>
    >>
    >>
    >
    >
    >.
    >
  9. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Good News! For whatever reason I was just able to log on
    to that server. Through the network I was able to change
    the administrator's p/w from ******* to blank, but that
    was like hours ago and it wouldn't let me in all morning
    (after trying as many things as I did, I won't be able to
    determine for certain what the problem was)I'll betcha
    that I'll be able to connect from home tonight through
    term/serv's too. Just want to thank everyone that tried to
    help.

    Dave
    >-----Original Message-----
    >Still can't logon to that machine. I ran the
    >SeInteractiveLogonRight app again and got an error msg
    >this time. In your post you spelled out the command
    >as "SeinteractiveLogonRight DomainName\Administrators
    >ServerName". Is "administrators" literal, including the
    >pluralization? Anyways, I do have the Administrative
    Tools
    >on my Program Menu (on my server#2) so I am able to
    access
    >the controls for the domain Contrioller (server#1). I
    have
    >checked the GPO for the DC group and it is exactly as
    I've
    >been told to set it(enable but don't specify for
    the "deny
    >logon" and the "logon locally" has the administrator (as
    >well as quite a few others in it). At the moment it's not
    >a crisis, but I can see that happening at some point. Our
    >Exchange server is on that server. I can access various
    >file and folders through the Network Neighborhood as
    well.
    >That includes the "sysvol" share and others. II have even
    >tried disabling all of the policies .
    >>-----Original Message-----
    >>Dave
    >>Other Steve here
    >>how are you doing on this at present ? have you managed
    >to get to the policy
    >>yet?
    >>
    >>Your correct on the operation of the tool open the cmd
    >prompt on the
    >>directory it resides and run it
    >>
    >>so to grant the Administrator Group the local logon
    right
    >just type
    >>SeinteractiveLogonRight DomainName\Administrators
    >ServerName
    >>this would clear the local settings in the local
    security
    >policy on the
    >>server
    >>
    >>If you have changed the default domain controllers policy
    >>then as Steve L states use the adminpak on another
    >machine to change that
    >>policy as well.
    >>
    >>rgds
    >>Steve
    >>
    >>
    >>"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net>
    >wrote in message
    >>news:Spn6d.274636$mD.74234@attbi_s02...
    >>> Install Adminpak on one of your Windows 2000 domain
    >computers that you can
    >>> logon to as a domain administrator and use it to
    modify
    >the problem policy
    >>> from that computer. My guess is that the change was
    >made in Domain
    >>> Controller Security Policy under security
    >settings/local policies/user
    >>> rights. Look at the two user rights for logon locally
    >and deny logon
    >>> locally. By default administrators is in the logon
    >locally for domain
    >>> controllers and the deny logon locally is defined but
    >empty. If there is
    >>> more than one GPO in the domain controller container
    >you will need to
    >>check
    >>> them all for those user rights. Adminpak is on the
    >server install disk in
    >>> the I386 folder. --- Steve
    >>>
    >>> http://support.microsoft.com/default.aspx?scid=kb;en-
    >us;216999
    >>>
    >>> "Dave W" <anonymous@discussions.microsoft.com> wrote
    in
    >message
    >>> news:050b01c4a5b7$ed991f90$a401280a@phx.gbl...
    >>> > Whew! Where to begin. The machine in question is the
    >lone
    >>> > DC in a single AD domain. I do have another server
    >that I
    >>> > work on that is beiing replicated to though(I
    think).
    >All
    >>> > the other machines can be logged into. I have tried
    >>> > several other accounts on the DC and none of them
    >will log
    >>> > in. I first noticed the problem over the past
    weekend
    >when
    >>> > I tried to connect from home via term. serv's. The
    >>> > same "interactive logging" message. I believe the
    GPO
    >that
    >>> > I screwed with was the one for the DC's as the one
    >for the
    >>> > domain is and has been disabled for some time. I
    have
    >been
    >>> > able to connect to the AD users & computers through
    >my PC
    >>> > (server #2)and the log on locally has all the users
    >and
    >>> > groups that I believe are necessary. The program that
    >>> > precipitated this with the GPO was a mail/spam app
    >that
    >>> > wouldn't start it's engine so I thought that the log
    >on
    >>> > parameters were the place to go. I have since
    >uninstalled
    >>> > the app, which BTW was never on the DC. So are you
    >saying
    >>> > that with the SeInteractiveLogonRight app, I just
    >need to
    >>> > change to the directory in which it resides on a
    >>> > workstation and do a path as spelled out to the
    >affected
    >>> > server over the network?? OK, I just tried that and
    it
    >>> > obviously went through it's process and returned to
    >the
    >>> > prompt. I tried logging in to the server and still
    >got the
    >>> > same message. I may have also changed something
    >inside
    >>> > the control panel>administrative tools>local security
    >>> > setings on the effected server and for sure on
    server
    >#2
    >>> > (where the P.O.S. application had been installed). I
    >had
    >>> > to change the default policy from the #2 server to
    the
    >>> > domain from within the drop-down list box at the top
    >of
    >>> > the window. Would changes made on a sever that is
    >being
    >>> > replicated to, replicate back to the DC?
    >>> >
    >>> > I'm at my wits end on this. Any other suggestions
    >would be
    >>> > greatly appreciated.
    >>> >
    >>> > Dave
    >>> >>-----Original Message-----
    >>> >>Dave
    >>> >>
    >>> >>If your saying you cannot logon to anything in the
    >domain
    >>> > that is another
    >>> >>story with a whole lot of different questions
    attached
    >>> > you state Server in
    >>> >>the subject but
    >>> >>is this server a DC or Member server, is it the
    only
    >DC,
    >>> > what group policy
    >>> >>was changed, what changes were made to that policy
    >>> >>etc etc.....
    >>> >>
    >>> >>You will have to say if this is the case and the
    >>> > questions will start from
    >>> >>there.
    >>> >>
    >>> >>else I am assuming that your talking 1 server
    affected
    >>> > under a GPO change
    >>> >>and the SeInteractiveLoginRight has been removed from
    >>> > some group such as
    >>> >>Administrators or Everyone (quite common that's why
    >Joe
    >>> > did the tool) and
    >>> >>you have workstation access with network access or
    >>> > another server to login
    >>> >>to.
    >>> >>
    >>> >>If this is the case then you just point the exe at
    the
    >>> > problem machine and
    >>> >>input the details.
    >>> >>(Hint Try a local admin account on a machine if the
    >>> > domain account cannot
    >>> >>login, then run the cmd prompt using "run as" and
    >input
    >>> > your domain account
    >>> >>details)
    >>> >>(Hint 2 is it a server in remote admin mode then try
    >TS
    >>> > connection to the
    >>> >>server and login that way, if you normally TS on for
    >>> > access then try the
    >>> >>console.)
    >>> >>
    >>> >>So say server 1 is the problem in domain 1 for
    admin1
    >and
    >>> > he gets the error
    >>> >>trying to logon
    >>> >>open a command prompt on a workstation on the domain
    >that
    >>> > has network access
    >>> >>SeInteractiveLogonRight domain1\admin1 server1
    >>> >>
    >>> >>
    >>> >>You can do the same with NTRights.exe as well from
    the
    >>> > resource kit except
    >>> >>this has access to other settings.
    >>> >>
    >>> >>Help details from the Exe
    >>> >>SeInteractiveLogonRight V00.10.00cpp joe@joeware.net
    >>> > September 2001
    >>> >>
    >>> >> Usage: sEINTERACTIVELOGONRIGHT <[DOMAIN\]
    >Account>
    >>> > [TargetMachine]
    >>> >> Will set SeInteractiveLogonRight for account
    >on
    >>> > targetmachine
    >>> >> Will clear SeDenyInteractiveLogonRight for
    >>> > account on targetmachine
    >>> >>
    >>> >> Will remove Everyone well known group from
    >>> >>SeDenyInteractiveLogonRight on targetmachine
    >>> >>
    >>> >> Example: sEINTERACTIVELOGONRIGHT
    >>> > joehome\$jricha34 pro2
    >>> >>
    >>> >>
    >>> >>If this is not the case then post back with some
    >specific
    >>> > details on the
    >>> >>situation, the lists are good but my crystal ball is
    >on
    >>> > the blink at the
    >>> >>moment with a hardware error ;-)
    >>> >>
    >>> >>hth
    >>> >>Steve
    >>> >>
    >>> >>
    >>> >>
    >>> >>Code based off of MSDN Library code LSAPRIV
    >>> >>"Dave W" <anonymous@discussions.microsoft.com> wrote
    >in
    >>> > message
    >>> >>news:395801c4a569$5f36ea00$a301280a@phx.gbl...
    >>> >>> Thanks, but how do I "use" it? It's a little exe
    >that
    >>> >>> apparently must be run in a windows environment.
    If
    >I
    >>> >>> can't logon, how do I do that?
    >>> >>>
    >>> >>> Dave
    >>> >>> >-----Original Message-----
    >>> >>> >Go here
    >>> >>> >http://www.joeware.net/win32/index.html
    >>> >>> >download the SeInteractiveLogonRight from the
    >win32 c++
    >>> >>> tools page have a
    >>> >>> >read then run it and your good to go
    >>> >>> >
    >>> >>> >rgds
    >>> >>> >Steve
    >>> >>> >
    >>> >>> >
    >>> >>> >
    >>> >>> >"Chriss3 [MVP]" <noSpamHere@chrisse.se> wrote in
    >>> > message
    >>> >>> >news:OjRUVVMpEHA.744@TK2MSFTNGP10.phx.gbl...
    >>> >>> >> Restart the computer into DS restore mode. Try
    to
    >>> >>> change local GPO, or try
    >>> >>> >> to change it from another computer.
    >>> >>> >>
    >>> >>> >> --
    >>> >>> >> Regards
    >>> >>> >> Christoffer Andersson
    >>> >>> >> Microsoft MVP - Directory Services
    >>> >>> >>
    >>> >>> >> No email replies please - reply in the newsgroup
    >>> >>> >> ------------------------------------------------
    >>> >>> >> http://www.chrisse.se - Active Directory Tips
    >>> >>> >>
    >>> >>> >> "Dave W" <anonymous@discussions.microsoft.com>
    >skrev
    >>> > i
    >>> >>> meddelandet
    >>> >>> >> news:2f7e01c4a4bc$03ecbd30$a301280a@phx.gbl...
    >>> >>> >> > Some changes were made to group policy
    several
    >days
    >>> >>> ago
    >>> >>> >> > and something musta got screwed up because I
    >cannot
    >>> >>> log
    >>> >>> >> > back in now that I have logged out. I get the
    >>> >>> following
    >>> >>> >> > message after the failed login: "the local
    >policy
    >>> > of
    >>> >>> this
    >>> >>> >> > system does not permit you to logon
    >interactively"
    >>> >>> >> > Is there anything that I can do?
    >>> >>> >>
    >>> >>> >>
    >>> >>> >
    >>> >>> >
    >>> >>> >.
    >>> >>> >
    >>> >>
    >>> >>
    >>> >>.
    >>> >>
    >>>
    >>>
    >>
    >>
    >>.
    >>
    >.
    >
  10. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Great glad your back in to the server.

    Sorry did slip with the extra s on Administrator my fault.
    Rgds
    Steve


    "Dave W" <anonymous@discussions.microsoft.com> wrote in message
    news:1b3001c4a664$05b70f40$a601280a@phx.gbl...
    > Good News! For whatever reason I was just able to log on
    > to that server. Through the network I was able to change
    > the administrator's p/w from ******* to blank, but that
    > was like hours ago and it wouldn't let me in all morning
    > (after trying as many things as I did, I won't be able to
    > determine for certain what the problem was)I'll betcha
    > that I'll be able to connect from home tonight through
    > term/serv's too. Just want to thank everyone that tried to
    > help.
    >
    > Dave
    > >-----Original Message-----
    > >Still can't logon to that machine. I ran the
    > >SeInteractiveLogonRight app again and got an error msg
    > >this time. In your post you spelled out the command
    > >as "SeinteractiveLogonRight DomainName\Administrators
    > >ServerName". Is "administrators" literal, including the
    > >pluralization? Anyways, I do have the Administrative
    > Tools
    > >on my Program Menu (on my server#2) so I am able to
    > access
    > >the controls for the domain Contrioller (server#1). I
    > have
    > >checked the GPO for the DC group and it is exactly as
    > I've
    > >been told to set it(enable but don't specify for
    > the "deny
    > >logon" and the "logon locally" has the administrator (as
    > >well as quite a few others in it). At the moment it's not
    > >a crisis, but I can see that happening at some point. Our
    > >Exchange server is on that server. I can access various
    > >file and folders through the Network Neighborhood as
    > well.
    > >That includes the "sysvol" share and others. II have even
    > >tried disabling all of the policies .
    > >>-----Original Message-----
    > >>Dave
    > >>Other Steve here
    > >>how are you doing on this at present ? have you managed
    > >to get to the policy
    > >>yet?
    > >>
    > >>Your correct on the operation of the tool open the cmd
    > >prompt on the
    > >>directory it resides and run it
    > >>
    > >>so to grant the Administrator Group the local logon
    > right
    > >just type
    > >>SeinteractiveLogonRight DomainName\Administrators
    > >ServerName
    > >>this would clear the local settings in the local
    > security
    > >policy on the
    > >>server
    > >>
    > >>If you have changed the default domain controllers policy
    > >>then as Steve L states use the adminpak on another
    > >machine to change that
    > >>policy as well.
    > >>
    > >>rgds
    > >>Steve
    > >>
    > >>
    > >>"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net>
    > >wrote in message
    > >>news:Spn6d.274636$mD.74234@attbi_s02...
    > >>> Install Adminpak on one of your Windows 2000 domain
    > >computers that you can
    > >>> logon to as a domain administrator and use it to
    > modify
    > >the problem policy
    > >>> from that computer. My guess is that the change was
    > >made in Domain
    > >>> Controller Security Policy under security
    > >settings/local policies/user
    > >>> rights. Look at the two user rights for logon locally
    > >and deny logon
    > >>> locally. By default administrators is in the logon
    > >locally for domain
    > >>> controllers and the deny logon locally is defined but
    > >empty. If there is
    > >>> more than one GPO in the domain controller container
    > >you will need to
    > >>check
    > >>> them all for those user rights. Adminpak is on the
    > >server install disk in
    > >>> the I386 folder. --- Steve
    > >>>
    > >>> http://support.microsoft.com/default.aspx?scid=kb;en-
    > >us;216999
    > >>>
    > >>> "Dave W" <anonymous@discussions.microsoft.com> wrote
    > in
    > >message
    > >>> news:050b01c4a5b7$ed991f90$a401280a@phx.gbl...
    > >>> > Whew! Where to begin. The machine in question is the
    > >lone
    > >>> > DC in a single AD domain. I do have another server
    > >that I
    > >>> > work on that is beiing replicated to though(I
    > think).
    > >All
    > >>> > the other machines can be logged into. I have tried
    > >>> > several other accounts on the DC and none of them
    > >will log
    > >>> > in. I first noticed the problem over the past
    > weekend
    > >when
    > >>> > I tried to connect from home via term. serv's. The
    > >>> > same "interactive logging" message. I believe the
    > GPO
    > >that
    > >>> > I screwed with was the one for the DC's as the one
    > >for the
    > >>> > domain is and has been disabled for some time. I
    > have
    > >been
    > >>> > able to connect to the AD users & computers through
    > >my PC
    > >>> > (server #2)and the log on locally has all the users
    > >and
    > >>> > groups that I believe are necessary. The program that
    > >>> > precipitated this with the GPO was a mail/spam app
    > >that
    > >>> > wouldn't start it's engine so I thought that the log
    > >on
    > >>> > parameters were the place to go. I have since
    > >uninstalled
    > >>> > the app, which BTW was never on the DC. So are you
    > >saying
    > >>> > that with the SeInteractiveLogonRight app, I just
    > >need to
    > >>> > change to the directory in which it resides on a
    > >>> > workstation and do a path as spelled out to the
    > >affected
    > >>> > server over the network?? OK, I just tried that and
    > it
    > >>> > obviously went through it's process and returned to
    > >the
    > >>> > prompt. I tried logging in to the server and still
    > >got the
    > >>> > same message. I may have also changed something
    > >inside
    > >>> > the control panel>administrative tools>local security
    > >>> > setings on the effected server and for sure on
    > server
    > >#2
    > >>> > (where the P.O.S. application had been installed). I
    > >had
    > >>> > to change the default policy from the #2 server to
    > the
    > >>> > domain from within the drop-down list box at the top
    > >of
    > >>> > the window. Would changes made on a sever that is
    > >being
    > >>> > replicated to, replicate back to the DC?
    > >>> >
    > >>> > I'm at my wits end on this. Any other suggestions
    > >would be
    > >>> > greatly appreciated.
    > >>> >
    > >>> > Dave
    > >>> >>-----Original Message-----
    > >>> >>Dave
    > >>> >>
    > >>> >>If your saying you cannot logon to anything in the
    > >domain
    > >>> > that is another
    > >>> >>story with a whole lot of different questions
    > attached
    > >>> > you state Server in
    > >>> >>the subject but
    > >>> >>is this server a DC or Member server, is it the
    > only
    > >DC,
    > >>> > what group policy
    > >>> >>was changed, what changes were made to that policy
    > >>> >>etc etc.....
    > >>> >>
    > >>> >>You will have to say if this is the case and the
    > >>> > questions will start from
    > >>> >>there.
    > >>> >>
    > >>> >>else I am assuming that your talking 1 server
    > affected
    > >>> > under a GPO change
    > >>> >>and the SeInteractiveLoginRight has been removed from
    > >>> > some group such as
    > >>> >>Administrators or Everyone (quite common that's why
    > >Joe
    > >>> > did the tool) and
    > >>> >>you have workstation access with network access or
    > >>> > another server to login
    > >>> >>to.
    > >>> >>
    > >>> >>If this is the case then you just point the exe at
    > the
    > >>> > problem machine and
    > >>> >>input the details.
    > >>> >>(Hint Try a local admin account on a machine if the
    > >>> > domain account cannot
    > >>> >>login, then run the cmd prompt using "run as" and
    > >input
    > >>> > your domain account
    > >>> >>details)
    > >>> >>(Hint 2 is it a server in remote admin mode then try
    > >TS
    > >>> > connection to the
    > >>> >>server and login that way, if you normally TS on for
    > >>> > access then try the
    > >>> >>console.)
    > >>> >>
    > >>> >>So say server 1 is the problem in domain 1 for
    > admin1
    > >and
    > >>> > he gets the error
    > >>> >>trying to logon
    > >>> >>open a command prompt on a workstation on the domain
    > >that
    > >>> > has network access
    > >>> >>SeInteractiveLogonRight domain1\admin1 server1
    > >>> >>
    > >>> >>
    > >>> >>You can do the same with NTRights.exe as well from
    > the
    > >>> > resource kit except
    > >>> >>this has access to other settings.
    > >>> >>
    > >>> >>Help details from the Exe
    > >>> >>SeInteractiveLogonRight V00.10.00cpp joe@joeware.net
    > >>> > September 2001
    > >>> >>
    > >>> >> Usage: sEINTERACTIVELOGONRIGHT <[DOMAIN\]
    > >Account>
    > >>> > [TargetMachine]
    > >>> >> Will set SeInteractiveLogonRight for account
    > >on
    > >>> > targetmachine
    > >>> >> Will clear SeDenyInteractiveLogonRight for
    > >>> > account on targetmachine
    > >>> >>
    > >>> >> Will remove Everyone well known group from
    > >>> >>SeDenyInteractiveLogonRight on targetmachine
    > >>> >>
    > >>> >> Example: sEINTERACTIVELOGONRIGHT
    > >>> > joehome\$jricha34 pro2
    > >>> >>
    > >>> >>
    > >>> >>If this is not the case then post back with some
    > >specific
    > >>> > details on the
    > >>> >>situation, the lists are good but my crystal ball is
    > >on
    > >>> > the blink at the
    > >>> >>moment with a hardware error ;-)
    > >>> >>
    > >>> >>hth
    > >>> >>Steve
    > >>> >>
    > >>> >>
    > >>> >>
    > >>> >>Code based off of MSDN Library code LSAPRIV
    > >>> >>"Dave W" <anonymous@discussions.microsoft.com> wrote
    > >in
    > >>> > message
    > >>> >>news:395801c4a569$5f36ea00$a301280a@phx.gbl...
    > >>> >>> Thanks, but how do I "use" it? It's a little exe
    > >that
    > >>> >>> apparently must be run in a windows environment.
    > If
    > >I
    > >>> >>> can't logon, how do I do that?
    > >>> >>>
    > >>> >>> Dave
    > >>> >>> >-----Original Message-----
    > >>> >>> >Go here
    > >>> >>> >http://www.joeware.net/win32/index.html
    > >>> >>> >download the SeInteractiveLogonRight from the
    > >win32 c++
    > >>> >>> tools page have a
    > >>> >>> >read then run it and your good to go
    > >>> >>> >
    > >>> >>> >rgds
    > >>> >>> >Steve
    > >>> >>> >
    > >>> >>> >
    > >>> >>> >
    > >>> >>> >"Chriss3 [MVP]" <noSpamHere@chrisse.se> wrote in
    > >>> > message
    > >>> >>> >news:OjRUVVMpEHA.744@TK2MSFTNGP10.phx.gbl...
    > >>> >>> >> Restart the computer into DS restore mode. Try
    > to
    > >>> >>> change local GPO, or try
    > >>> >>> >> to change it from another computer.
    > >>> >>> >>
    > >>> >>> >> --
    > >>> >>> >> Regards
    > >>> >>> >> Christoffer Andersson
    > >>> >>> >> Microsoft MVP - Directory Services
    > >>> >>> >>
    > >>> >>> >> No email replies please - reply in the newsgroup
    > >>> >>> >> ------------------------------------------------
    > >>> >>> >> http://www.chrisse.se - Active Directory Tips
    > >>> >>> >>
    > >>> >>> >> "Dave W" <anonymous@discussions.microsoft.com>
    > >skrev
    > >>> > i
    > >>> >>> meddelandet
    > >>> >>> >> news:2f7e01c4a4bc$03ecbd30$a301280a@phx.gbl...
    > >>> >>> >> > Some changes were made to group policy
    > several
    > >days
    > >>> >>> ago
    > >>> >>> >> > and something musta got screwed up because I
    > >cannot
    > >>> >>> log
    > >>> >>> >> > back in now that I have logged out. I get the
    > >>> >>> following
    > >>> >>> >> > message after the failed login: "the local
    > >policy
    > >>> > of
    > >>> >>> this
    > >>> >>> >> > system does not permit you to logon
    > >interactively"
    > >>> >>> >> > Is there anything that I can do?
    > >>> >>> >>
    > >>> >>> >>
    > >>> >>> >
    > >>> >>> >
    > >>> >>> >.
    > >>> >>> >
    > >>> >>
    > >>> >>
    > >>> >>.
    > >>> >>
    > >>>
    > >>>
    > >>
    > >>
    > >>.
    > >>
    > >.
    > >
  11. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    A new problem has arisen, I believe because I ran that
    little app from the command prompt, I cannot start my
    exchange system manager now. I get the following
    error: "Facility Win32, I.D. No. 8007203b Exchange System
    Manager" I looked it up on the MS KB and it said to restrt
    the Kerberos service in the services. I did, and it didn't
    help. I think I wiped out some sort of authentication for
    the exchange services by runing it. Is there some way to
    revert, or undo, what I did?

    Dave
    >-----Original Message-----
    >Great glad your back in to the server.
    >
    >Sorry did slip with the extra s on Administrator my fault.
    >Rgds
    >Steve
    >
    >
    >
    >
    >"Dave W" <anonymous@discussions.microsoft.com> wrote in
    message
    >news:1b3001c4a664$05b70f40$a601280a@phx.gbl...
    >> Good News! For whatever reason I was just able to log on
    >> to that server. Through the network I was able to change
    >> the administrator's p/w from ******* to blank, but that
    >> was like hours ago and it wouldn't let me in all morning
    >> (after trying as many things as I did, I won't be able
    to
    >> determine for certain what the problem was)I'll betcha
    >> that I'll be able to connect from home tonight through
    >> term/serv's too. Just want to thank everyone that tried
    to
    >> help.
    >>
    >> Dave
    >> >-----Original Message-----
    >> >Still can't logon to that machine. I ran the
    >> >SeInteractiveLogonRight app again and got an error msg
    >> >this time. In your post you spelled out the command
    >> >as "SeinteractiveLogonRight DomainName\Administrators
    >> >ServerName". Is "administrators" literal, including the
    >> >pluralization? Anyways, I do have the Administrative
    >> Tools
    >> >on my Program Menu (on my server#2) so I am able to
    >> access
    >> >the controls for the domain Contrioller (server#1). I
    >> have
    >> >checked the GPO for the DC group and it is exactly as
    >> I've
    >> >been told to set it(enable but don't specify for
    >> the "deny
    >> >logon" and the "logon locally" has the administrator
    (as
    >> >well as quite a few others in it). At the moment it's
    not
    >> >a crisis, but I can see that happening at some point.
    Our
    >> >Exchange server is on that server. I can access various
    >> >file and folders through the Network Neighborhood as
    >> well.
    >> >That includes the "sysvol" share and others. II have
    even
    >> >tried disabling all of the policies .
    >> >>-----Original Message-----
    >> >>Dave
    >> >>Other Steve here
    >> >>how are you doing on this at present ? have you
    managed
    >> >to get to the policy
    >> >>yet?
    >> >>
    >> >>Your correct on the operation of the tool open the cmd
    >> >prompt on the
    >> >>directory it resides and run it
    >> >>
    >> >>so to grant the Administrator Group the local logon
    >> right
    >> >just type
    >> >>SeinteractiveLogonRight DomainName\Administrators
    >> >ServerName
    >> >>this would clear the local settings in the local
    >> security
    >> >policy on the
    >> >>server
    >> >>
    >> >>If you have changed the default domain controllers
    policy
    >> >>then as Steve L states use the adminpak on another
    >> >machine to change that
    >> >>policy as well.
    >> >>
    >> >>rgds
    >> >>Steve
    >> >>
    >> >>
    >> >>"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net>
    >> >wrote in message
    >> >>news:Spn6d.274636$mD.74234@attbi_s02...
    >> >>> Install Adminpak on one of your Windows 2000 domain
    >> >computers that you can
    >> >>> logon to as a domain administrator and use it to
    >> modify
    >> >the problem policy
    >> >>> from that computer. My guess is that the change was
    >> >made in Domain
    >> >>> Controller Security Policy under security
    >> >settings/local policies/user
    >> >>> rights. Look at the two user rights for logon
    locally
    >> >and deny logon
    >> >>> locally. By default administrators is in the logon
    >> >locally for domain
    >> >>> controllers and the deny logon locally is defined
    but
    >> >empty. If there is
    >> >>> more than one GPO in the domain controller container
    >> >you will need to
    >> >>check
    >> >>> them all for those user rights. Adminpak is on the
    >> >server install disk in
    >> >>> the I386 folder. --- Steve
    >> >>>
    >> >>> http://support.microsoft.com/default.aspx?
    scid=kb;en-
    >> >us;216999
    >> >>>
    >> >>> "Dave W" <anonymous@discussions.microsoft.com> wrote
    >> in
    >> >message
    >> >>> news:050b01c4a5b7$ed991f90$a401280a@phx.gbl...
    >> >>> > Whew! Where to begin. The machine in question is
    the
    >> >lone
    >> >>> > DC in a single AD domain. I do have another server
    >> >that I
    >> >>> > work on that is beiing replicated to though(I
    >> think).
    >> >All
    >> >>> > the other machines can be logged into. I have
    tried
    >> >>> > several other accounts on the DC and none of them
    >> >will log
    >> >>> > in. I first noticed the problem over the past
    >> weekend
    >> >when
    >> >>> > I tried to connect from home via term. serv's. The
    >> >>> > same "interactive logging" message. I believe the
    >> GPO
    >> >that
    >> >>> > I screwed with was the one for the DC's as the one
    >> >for the
    >> >>> > domain is and has been disabled for some time. I
    >> have
    >> >been
    >> >>> > able to connect to the AD users & computers
    through
    >> >my PC
    >> >>> > (server #2)and the log on locally has all the
    users
    >> >and
    >> >>> > groups that I believe are necessary. The program
    that
    >> >>> > precipitated this with the GPO was a mail/spam app
    >> >that
    >> >>> > wouldn't start it's engine so I thought that the
    log
    >> >on
    >> >>> > parameters were the place to go. I have since
    >> >uninstalled
    >> >>> > the app, which BTW was never on the DC. So are you
    >> >saying
    >> >>> > that with the SeInteractiveLogonRight app, I just
    >> >need to
    >> >>> > change to the directory in which it resides on a
    >> >>> > workstation and do a path as spelled out to the
    >> >affected
    >> >>> > server over the network?? OK, I just tried that
    and
    >> it
    >> >>> > obviously went through it's process and returned
    to
    >> >the
    >> >>> > prompt. I tried logging in to the server and still
    >> >got the
    >> >>> > same message. I may have also changed something
    >> >inside
    >> >>> > the control panel>administrative tools>local
    security
    >> >>> > setings on the effected server and for sure on
    >> server
    >> >#2
    >> >>> > (where the P.O.S. application had been
    installed). I
    >> >had
    >> >>> > to change the default policy from the #2 server to
    >> the
    >> >>> > domain from within the drop-down list box at the
    top
    >> >of
    >> >>> > the window. Would changes made on a sever that is
    >> >being
    >> >>> > replicated to, replicate back to the DC?
    >> >>> >
    >> >>> > I'm at my wits end on this. Any other suggestions
    >> >would be
    >> >>> > greatly appreciated.
    >> >>> >
    >> >>> > Dave
    >> >>> >>-----Original Message-----
    >> >>> >>Dave
    >> >>> >>
    >> >>> >>If your saying you cannot logon to anything in the
    >> >domain
    >> >>> > that is another
    >> >>> >>story with a whole lot of different questions
    >> attached
    >> >>> > you state Server in
    >> >>> >>the subject but
    >> >>> >>is this server a DC or Member server, is it the
    >> only
    >> >DC,
    >> >>> > what group policy
    >> >>> >>was changed, what changes were made to that policy
    >> >>> >>etc etc.....
    >> >>> >>
    >> >>> >>You will have to say if this is the case and the
    >> >>> > questions will start from
    >> >>> >>there.
    >> >>> >>
    >> >>> >>else I am assuming that your talking 1 server
    >> affected
    >> >>> > under a GPO change
    >> >>> >>and the SeInteractiveLoginRight has been removed
    from
    >> >>> > some group such as
    >> >>> >>Administrators or Everyone (quite common that's
    why
    >> >Joe
    >> >>> > did the tool) and
    >> >>> >>you have workstation access with network access or
    >> >>> > another server to login
    >> >>> >>to.
    >> >>> >>
    >> >>> >>If this is the case then you just point the exe at
    >> the
    >> >>> > problem machine and
    >> >>> >>input the details.
    >> >>> >>(Hint Try a local admin account on a machine if
    the
    >> >>> > domain account cannot
    >> >>> >>login, then run the cmd prompt using "run as" and
    >> >input
    >> >>> > your domain account
    >> >>> >>details)
    >> >>> >>(Hint 2 is it a server in remote admin mode then
    try
    >> >TS
    >> >>> > connection to the
    >> >>> >>server and login that way, if you normally TS on
    for
    >> >>> > access then try the
    >> >>> >>console.)
    >> >>> >>
    >> >>> >>So say server 1 is the problem in domain 1 for
    >> admin1
    >> >and
    >> >>> > he gets the error
    >> >>> >>trying to logon
    >> >>> >>open a command prompt on a workstation on the
    domain
    >> >that
    >> >>> > has network access
    >> >>> >>SeInteractiveLogonRight domain1\admin1 server1
    >> >>> >>
    >> >>> >>
    >> >>> >>You can do the same with NTRights.exe as well from
    >> the
    >> >>> > resource kit except
    >> >>> >>this has access to other settings.
    >> >>> >>
    >> >>> >>Help details from the Exe
    >> >>> >>SeInteractiveLogonRight V00.10.00cpp
    joe@joeware.net
    >> >>> > September 2001
    >> >>> >>
    >> >>> >> Usage: sEINTERACTIVELOGONRIGHT <[DOMAIN\]
    >> >Account>
    >> >>> > [TargetMachine]
    >> >>> >> Will set SeInteractiveLogonRight for
    account
    >> >on
    >> >>> > targetmachine
    >> >>> >> Will clear SeDenyInteractiveLogonRight for
    >> >>> > account on targetmachine
    >> >>> >>
    >> >>> >> Will remove Everyone well known group from
    >> >>> >>SeDenyInteractiveLogonRight on targetmachine
    >> >>> >>
    >> >>> >> Example: sEINTERACTIVELOGONRIGHT
    >> >>> > joehome\$jricha34 pro2
    >> >>> >>
    >> >>> >>
    >> >>> >>If this is not the case then post back with some
    >> >specific
    >> >>> > details on the
    >> >>> >>situation, the lists are good but my crystal ball
    is
    >> >on
    >> >>> > the blink at the
    >> >>> >>moment with a hardware error ;-)
    >> >>> >>
    >> >>> >>hth
    >> >>> >>Steve
    >> >>> >>
    >> >>> >>
    >> >>> >>
    >> >>> >>Code based off of MSDN Library code LSAPRIV
    >> >>> >>"Dave W" <anonymous@discussions.microsoft.com>
    wrote
    >> >in
    >> >>> > message
    >> >>> >>news:395801c4a569$5f36ea00$a301280a@phx.gbl...
    >> >>> >>> Thanks, but how do I "use" it? It's a little exe
    >> >that
    >> >>> >>> apparently must be run in a windows environment.
    >> If
    >> >I
    >> >>> >>> can't logon, how do I do that?
    >> >>> >>>
    >> >>> >>> Dave
    >> >>> >>> >-----Original Message-----
    >> >>> >>> >Go here
    >> >>> >>> >http://www.joeware.net/win32/index.html
    >> >>> >>> >download the SeInteractiveLogonRight from the
    >> >win32 c++
    >> >>> >>> tools page have a
    >> >>> >>> >read then run it and your good to go
    >> >>> >>> >
    >> >>> >>> >rgds
    >> >>> >>> >Steve
    >> >>> >>> >
    >> >>> >>> >
    >> >>> >>> >
    >> >>> >>> >"Chriss3 [MVP]" <noSpamHere@chrisse.se> wrote
    in
    >> >>> > message
    >> >>> >>> >news:OjRUVVMpEHA.744@TK2MSFTNGP10.phx.gbl...
    >> >>> >>> >> Restart the computer into DS restore mode.
    Try
    >> to
    >> >>> >>> change local GPO, or try
    >> >>> >>> >> to change it from another computer.
    >> >>> >>> >>
    >> >>> >>> >> --
    >> >>> >>> >> Regards
    >> >>> >>> >> Christoffer Andersson
    >> >>> >>> >> Microsoft MVP - Directory Services
    >> >>> >>> >>
    >> >>> >>> >> No email replies please - reply in the
    newsgroup
    >> >>> >>> >> ---------------------------------------------
    ---
    >> >>> >>> >> http://www.chrisse.se - Active Directory Tips
    >> >>> >>> >>
    >> >>> >>> >> "Dave W"
    <anonymous@discussions.microsoft.com>
    >> >skrev
    >> >>> > i
    >> >>> >>> meddelandet
    >> >>> >>> >> news:2f7e01c4a4bc$03ecbd30
    $a301280a@phx.gbl...
    >> >>> >>> >> > Some changes were made to group policy
    >> several
    >> >days
    >> >>> >>> ago
    >> >>> >>> >> > and something musta got screwed up because
    I
    >> >cannot
    >> >>> >>> log
    >> >>> >>> >> > back in now that I have logged out. I get
    the
    >> >>> >>> following
    >> >>> >>> >> > message after the failed login: "the local
    >> >policy
    >> >>> > of
    >> >>> >>> this
    >> >>> >>> >> > system does not permit you to logon
    >> >interactively"
    >> >>> >>> >> > Is there anything that I can do?
    >> >>> >>> >>
    >> >>> >>> >>
    >> >>> >>> >
    >> >>> >>> >
    >> >>> >>> >.
    >> >>> >>> >
    >> >>> >>
    >> >>> >>
    >> >>> >>.
    >> >>> >>
    >> >>>
    >> >>>
    >> >>
    >> >>
    >> >>.
    >> >>
    >> >.
    >> >
    >
    >
    >.
    >
  12. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    "Dave W" <anonymous@discussions.microsoft.com> said

    > A new problem has arisen, I believe because I ran that
    > little app from the command prompt, I cannot start my
    > exchange system manager now. I get the following
    > error: "Facility Win32, I.D. No. 8007203b Exchange System
    > Manager" I looked it up on the MS KB and it said to restrt
    > the Kerberos service in the services. I did, and it didn't
    > help. I think I wiped out some sort of authentication for
    > the exchange services by runing it. Is there some way to
    > revert, or undo, what I did?
    >

    Your exchange service is probably authenticating using the Administrator
    account, for which you have changed the password.
    Go into your services in computer management and tell the exchange service to
    use the new password.

    --
    Andy.
  13. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    I couldn't get into the AD Users & computers or AD sites &
    services and domains & trusts etc, etc. Fortunately, I was
    able to connect to those through servver #2 and I
    reconnected to the primary server through the AD domains &
    trusts and redid the Operations master and that seemed to
    solve the problem. WHEW!!!! Thanks and I hope that's all.

    Dave
    >-----Original Message-----
    >"Dave W" <anonymous@discussions.microsoft.com> said
    >
    >> A new problem has arisen, I believe because I ran that
    >> little app from the command prompt, I cannot start my
    >> exchange system manager now. I get the following
    >> error: "Facility Win32, I.D. No. 8007203b Exchange
    System
    >> Manager" I looked it up on the MS KB and it said to
    restrt
    >> the Kerberos service in the services. I did, and it
    didn't
    >> help. I think I wiped out some sort of authentication
    for
    >> the exchange services by runing it. Is there some way
    to
    >> revert, or undo, what I did?
    >>
    >
    >Your exchange service is probably authenticating using
    the Administrator
    >account, for which you have changed the password.
    >Go into your services in computer management and tell the
    exchange service to
    >use the new password.
    >
    >--
    >Andy.
    >.
    >
Ask a new question

Read More

Policy Microsoft Servers Windows