RE: Log on Locally problems


From: Mike Gallagher (MikeGallagher_at_discussions.microsoft.com)
Date: 11/01/04


Date: Mon, 1 Nov 2004 12:06:04 -0800

Thanks for the reply. The domain controller security policy allows this user,
and the server op group the log on locally right. That is what has me so
puzzled.

Mike

"Bob Smith" wrote:

> If you are running Windows 2000 DC's then you need to modify the Domain
> Controllers Policy applied to the Domain Controllers OU. The Domain
> Controllers policy is locked down to control access to your most secure
> servers in the environment (your DC's). You need to open up the policy and
> add permissions for her to log on (I would do this through a group). It
> should be under Machine Policy\User Rights Assignment\Log on locally or
> something (Don't have a 2k environment here to look at it exactly).
>
> Then use the secedit /refreshpolicy machine_policy /enforce to all the DC's
> if you don't want to wait the default 15 minutes.
>
> As for your other issues... I don't really know.
>
>
>
> "Mike Gallagher" wrote:
>
> > Hello All,
> > We are having some problems and I'm starting to get really confused. The
> > problems all lead me back to the same issue when I research them, but I hit a
> > dead end. We have 4 domain controllers. 2 are at our main site, and 1 each at
> > our 2 remote locations.
> >
> > The main problem I am writing about is that we have a new member of the IT
> > dept that is our web site admin. She needs to log on to one of our DCs to do
> > admin work on our Intranet site. She is not a domain admin so it will not let
> > her. I put her in the "server operator" group, and it still will not let her.
> > I gave both her account, and the server op group "log on locally"
> > permissions, but that hasn't worked. Only domain admins can log on locally to
> > the server.
> >
> > Here is another problem that makes me think it is related. Our 2 remote
> > locations, in addition to being DCs, are also backend servers for Exchange.
> > Only domain admins can access OWA on those 2 servers. I created a test web
> > site, and the same thing happened. This makes me believe that the issue is
> > with Windows and not Exchange. The strange part about the test web site and
> > OWA is that if a domain admin logs on to the web site, for about 5 minutes
> > all users can authenticate just fine. Then it starts denying them again.
> >
> > Finally, when I first installed the 2 servers at the remote sites we had an
> > issue where only domain admins could print. I changed the printers from
> > queueing to print directly, and it worked. Since I had time restraints, and
> > there are only a few users at these locations I let it go. However, now the
> > other makes me think this is a larger issue. For both the printing and the
> > web sites the NTFS permissions are fine. And in the domain and local security
> > policies the "authenticated users" group has log on locally and access from
> > the network permissions.
> >
> > Sorry to ramble but the issues all seem related, and people are starting to
> > complain.
> >
> > Thanks
> > Mike
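
When a right granted in the Domain Controllers policy does not seem to take effect, the user rights a DC itself reports can be compared with what the policy is supposed to grant. The following is an added example, not code from the thread: it parses the `[Privilege Rights]` section of a file produced with `secedit /export /areas USER_RIGHTS /cfg <file>` and checks the allow and deny entries for "log on locally". The sample export and the `EXAMPLE\` names are constructed.

```python
# Constructed sample of a user-rights export (not taken from the thread).
# A real export is typically UTF-16: open(path, encoding="utf-16").read()
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-11,*S-1-5-32-544
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-549,*S-1-5-32-551
SeDenyInteractiveLogonRight = EXAMPLE\\webadmins
[Version]
signature="$CHICAGO$"
Revision=1
"""

def parse_privilege_rights(inf_text):
    """Return {right_name: [principal, ...]} from the [Privilege Rights] section."""
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section == "privilege rights" and "=" in line:
            name, _, value = line.partition("=")
            # SIDs are written with a leading '*'; account names are written bare.
            rights[name.strip()] = [p.strip().lstrip("*")
                                    for p in value.split(",") if p.strip()]
    return rights

def local_logon_status(rights, principals):
    """Map each principal (the user's own name/SID and her groups) to allow/deny/absent."""
    allow = {p.lower() for p in rights.get("SeInteractiveLogonRight", [])}
    deny = {p.lower() for p in rights.get("SeDenyInteractiveLogonRight", [])}
    return {p: "deny" if p.lower() in deny
               else "allow" if p.lower() in allow else "absent"
            for p in principals}

def can_log_on_locally(report):
    # A deny entry overrides any allow entry; at least one allow entry is required.
    values = list(report.values())
    return "deny" not in values and "allow" in values

if __name__ == "__main__":
    rights = parse_privilege_rights(SAMPLE_INF)
    # S-1-5-32-549 is the built-in Server Operators group.
    who = ["EXAMPLE\\jdoe", "S-1-5-32-549", "EXAMPLE\\webadmins"]
    report = local_logon_status(rights, who)
    print(report, can_log_on_locally(report))
```

The list of principals has to include every group the account belongs to, because a single deny entry on any of them blocks the logon even when another group holds the allow right.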


