Local Policy doesn't allow logon interactively

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

We have a windows 2000 serve computer running Active Directory. The
workstations are Windows 2000 prof. Just recently we noticed we were unable
to log into any of the workstations locally as administrator. After
replacing the security file from the repair directory using recovery console
we were able to log in locally. As soon as we joined the domain we were no
longer able to log locally into the workstations. I checked locally policy
and domain policy on the server and for both the administrator was allowed
log on locally rights. The deny log on locally was not defined. I tried
creating a new group, assigning the administrator to that group, giving that
group the log on locally permission for the default domaig policy, creating a
new OU and assigning the default domain policy and still unable to log into
the workstations locally. I am certain it's a domain policy setting rather
than corrupt SID or registry hive on workstation because we only ever have
the issue after joining the domain. Any other suggestions?
 
rbaker said:
We have a windows 2000 serve computer running Active
Directory. The
workstations are Windows 2000 prof. Just recently we noticed
we were unable
to log into any of the workstations locally as administrator.
After
replacing the security file from the repair directory using
recovery console
we were able to log in locally. As soon as we joined the
domain we were no
longer able to log locally into the workstations. I checked
locally policy
and domain policy on the server and for both the administrator
was allowed
log on locally rights. The deny log on locally was not
defined. I tried
creating a new group, assigning the administrator to that
group, giving that
group the log on locally permission for the default domaig
policy, creating a
new OU and assigning the default domain policy and still
unable to log into
the workstations locally. I am certain it's a domain policy
setting rather
than corrupt SID or registry hive on workstation because we
only ever have
the issue after joining the domain. Any other suggestions?
Click to expand...

Hi,

In the Default Domain policy - Comp Config- Windows Settings -
Security Settings - Local Policies - User Rights assignment the
DEFAULT setting is "Not Defined". The ONLY Place that these User
Rights Assignments are defined by default is with the Defaut Domain
Controllers Group Policy.

Therefore someone set the policies in the Default Domain. Change all
to Not Defined and you should be fine.

IF you need to set User Rights Assignments in the future make sure you
create an OU for the computers and then create a new group policy and
set them there.

Cheers,

Lara
 
That did the trick. Thank you for your help.

lforbes said:
Hi,

In the Default Domain policy - Comp Config- Windows Settings -
Security Settings - Local Policies - User Rights assignment the
DEFAULT setting is "Not Defined". The ONLY Place that these User
Rights Assignments are defined by default is with the Defaut Domain
Controllers Group Policy.

Therefore someone set the policies in the Default Domain. Change all
to Not Defined and you should be fine.

IF you need to set User Rights Assignments in the future make sure you
create an OU for the computers and then create a new group policy and
set them there.

Cheers,

Lara

--
http://www.WindowsForumz.com/ This article was posted by author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.WindowsForumz.com/Group-Policy-Local-logon-interactively-ftopict242365.html
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.WindowsForumz.com/eform.php?p=740983
Click to expand...
 
Back
Top