Domain policy vs local policy

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hello,
We have Win 2000 domain, setup by someone who is not working here anymore.
Problem is with domain policy;
It's denying login locally to everybody, but domain admins.
We need to be able to login locally as local administrator. Can not find
settings in Group Policies how to enable it. On local mashine i can enable
login locally, but effective policy is grayed out and login is denied. How to
fix it?
Thanks
 
Howdie!
We have Win 2000 domain, setup by someone who is not working here anymore.
Problem is with domain policy;
It's denying login locally to everybody, but domain admins.
We need to be able to login locally as local administrator. Can not find
settings in Group Policies how to enable it. On local mashine i can enable
login locally, but effective policy is grayed out and login is denied. How to
fix it?
Click to expand...

What policy was used for that? Look at right the policy which was
altered, not a local policy. It gets "overwritten anyway". If it's "Deny
log on locally", you can wipe "clear" the list so that users who should
have access will not show up in the list. If "Log on locally" policy was
used, you can add the local Administrators group pack in there. You can,
as far as I know, use the SID of that group:

S-1-5-32-544 (taken from http://support.microsoft.com/kb/243330)

cheers,

Florian
 
Policy is applied in Login on Locally, and only object i can add are domain
objects. How to add SID for local admin group?
Thanks
 
Howdie!
Policy is applied in Login on Locally, and only object i can add are domain
objects. How to add SID for local admin group?
Click to expand...

You can type in the SID manually. Don't click on the "Browse" button,
just type the SID in there. That worked for me in the past.

cheers,

Florian
 
ILYA said:
Policy is applied in Login on Locally, and only object i can add are domain
objects. How to add SID for local admin group?
Thanks
Click to expand...

Alternatively, typing "Administrators" without clicking "Browse" should
work as well.

cheers,

Florian
 
Back
Top