GPO Password update

[moshe]

Archived from groups: microsoft.public.win2000.security (More info?)

I have a small site that consists of a single domain controller and 6
clients. 4 of the clients are in an OU while the other 2 are domain clients.
We have some system services and dcom applications that run under a local
account on the OU clients. These local accounts are members of 2 groups which
reside in the domain.

Whenever Secedit is run we can’t start the services or run the dcom apps due
to logon restrictions. If we reset the passwords of the local accounts to
what they were before secedit ran we can run correctly.

SceCli does not return any errors from the event log.

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Apparently the service accounts you created lack privileges to run as a
service or other privileges. In the Local Security Policy of those computers
look under security settings/local policies/user rights where you can
configure the user right for logon as a service and others. I would also
enable auditing of logon events for success and failure and privilege use
for failure on these computers and then look in the security log for
failures which would indicate what user rights need to be assigned to those
accounts. --- Steve



"Moshe" <Moshe@discussions.microsoft.com> wrote in message
news:6595E169-0878-4BD6-9EC3-E12EEF0B4B7A@microsoft.com...
>I have a small site that consists of a single domain controller and 6
> clients. 4 of the clients are in an OU while the other 2 are domain
> clients.
> We have some system services and dcom applications that run under a local
> account on the OU clients. These local accounts are members of 2 groups
> which
> reside in the domain.
>
> Whenever Secedit is run we can't start the services or run the dcom apps
> due
> to logon restrictions. If we reset the passwords of the local accounts to
> what they were before secedit ran we can run correctly.
>
> SceCli does not return any errors from the event log.
>