Doman Controller Logon denied

  • Thread starter Thread starter Chris..
  • Start date Start date
C

Chris..

I have two users who are in the Domain Admin group who
recieve a "You do not have access to logon to this
Session" error when they attempt to RDP connect to any
Domain Controller.

This is a multi-site Win2k AD enabled domain. This is
only effecting these two users and not the other members
of the Domain admin group. I have gone into the domain
controller OU default Policy and ensured that the Domain
admin and even the IT group is allowed to logon locally
and still no joy.


HELP!!
 
Have you confirmed that they're not in another group that has been
explicitly denied access to the DCs? If windows finds both an allow and
a deny, it defaults to the deny.

--Jared
 
Verified that they were not in a blocked group and that
there isn't a specific group in the Deny Local Logon
section. I specifically added their domain accounts to
the allow section and that didn't work, so I've pulled
the specific accounts out.

So I can't see anything in the Default Domain
Controller's GPO that limits them. I'd hate to have to
touch each DC and force the local policy to allow
because, well that defeats the rational for domain level
GPO's, but I guess that's my next step.

Thanks Jared.... Anyone else have an idea?

Chris..
 
Back
Top