Sign in with
Sign up | Sign in
Your question

Local Policy doesn't allow logon interactively

Last response: in Windows 2000/NT
Share
Anonymous
December 27, 2004 2:33:07 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

We have a windows 2000 serve computer running Active Directory. The
workstations are Windows 2000 prof. Just recently we noticed we were unable
to log into any of the workstations locally as administrator. After
replacing the security file from the repair directory using recovery console
we were able to log in locally. As soon as we joined the domain we were no
longer able to log locally into the workstations. I checked locally policy
and domain policy on the server and for both the administrator was allowed
log on locally rights. The deny log on locally was not defined. I tried
creating a new group, assigning the administrator to that group, giving that
group the log on locally permission for the default domaig policy, creating a
new OU and assigning the default domain policy and still unable to log into
the workstations locally. I am certain it's a domain policy setting rather
than corrupt SID or registry hive on workstation because we only ever have
the issue after joining the domain. Any other suggestions?
Anonymous
December 30, 2004 5:02:48 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

"rbaker" wrote:
> We have a windows 2000 serve computer running Active
> Directory. The
> workstations are Windows 2000 prof. Just recently we noticed
> we were unable
> to log into any of the workstations locally as administrator.
> After
> replacing the security file from the repair directory using
> recovery console
> we were able to log in locally. As soon as we joined the
> domain we were no
> longer able to log locally into the workstations. I checked
> locally policy
> and domain policy on the server and for both the administrator
> was allowed
> log on locally rights. The deny log on locally was not
> defined. I tried
> creating a new group, assigning the administrator to that
> group, giving that
> group the log on locally permission for the default domaig
> policy, creating a
> new OU and assigning the default domain policy and still
> unable to log into
> the workstations locally. I am certain it's a domain policy
> setting rather
> than corrupt SID or registry hive on workstation because we
> only ever have
> the issue after joining the domain. Any other suggestions?

Hi,

In the Default Domain policy - Comp Config- Windows Settings -
Security Settings - Local Policies - User Rights assignment the
DEFAULT setting is "Not Defined". The ONLY Place that these User
Rights Assignments are defined by default is with the Defaut Domain
Controllers Group Policy.

Therefore someone set the policies in the Default Domain. Change all
to Not Defined and you should be fine.

IF you need to set User Rights Assignments in the future make sure you
create an OU for the computers and then create a new group policy and
set them there.

Cheers,

Lara

--
http://www.WindowsForumz.com/ This article was posted by author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.WindowsForumz.com/Group-Policy-Local-logon-i...
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.WindowsForumz.com/eform.php?p=740983
Anonymous
January 7, 2005 9:49:05 AM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

That did the trick. Thank you for your help.

"lforbes" wrote:

> "rbaker" wrote:
> > We have a windows 2000 serve computer running Active
> > Directory. The
> > workstations are Windows 2000 prof. Just recently we noticed
> > we were unable
> > to log into any of the workstations locally as administrator.
> > After
> > replacing the security file from the repair directory using
> > recovery console
> > we were able to log in locally. As soon as we joined the
> > domain we were no
> > longer able to log locally into the workstations. I checked
> > locally policy
> > and domain policy on the server and for both the administrator
> > was allowed
> > log on locally rights. The deny log on locally was not
> > defined. I tried
> > creating a new group, assigning the administrator to that
> > group, giving that
> > group the log on locally permission for the default domaig
> > policy, creating a
> > new OU and assigning the default domain policy and still
> > unable to log into
> > the workstations locally. I am certain it's a domain policy
> > setting rather
> > than corrupt SID or registry hive on workstation because we
> > only ever have
> > the issue after joining the domain. Any other suggestions?
>
> Hi,
>
> In the Default Domain policy - Comp Config- Windows Settings -
> Security Settings - Local Policies - User Rights assignment the
> DEFAULT setting is "Not Defined". The ONLY Place that these User
> Rights Assignments are defined by default is with the Defaut Domain
> Controllers Group Policy.
>
> Therefore someone set the policies in the Default Domain. Change all
> to Not Defined and you should be fine.
>
> IF you need to set User Rights Assignments in the future make sure you
> create an OU for the computers and then create a new group policy and
> set them there.
>
> Cheers,
>
> Lara
>
> --
> http://www.WindowsForumz.com/ This article was posted by author's request
> Articles individually checked for conformance to usenet standards
> Topic URL: http://www.WindowsForumz.com/Group-Policy-Local-logon-i...
> Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.WindowsForumz.com/eform.php?p=740983
>
Anonymous
January 7, 2005 5:45:44 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

> That did the trick. Thank you for your help

No problem. Glad to help.

Cheers,

Lara
!