Re: I cant' logon to my server with an Administrator .
From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 08/11/04
- Previous message: Darren Mar-Elia: "Re: installing software via Site GPO?"
- In reply to: Sara: "Re: I cant' logon to my server with an Administrator ."
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 11 Aug 2004 01:39:35 GMT
There is a Local Security Policy on all domain computers, however defined settings in
Domain Controller Security Policy will override Local Security Policy defined
settings. You should also check the deny logon locally setting that can override the
logon locally setting. I would make sure it is defined with the guest account as the
sole entry in Local Security Policy. Yes gpupdate is used instead of secedit for
Windows 20033. --- Steve
" Sara" <vaio9003@yahoo.com> wrote in message
news:%23a1kCbyfEHA.3632@TK2MSFTNGP11.phx.gbl...
> Mine is a DC with a AD so that's no any local security policy tho.
> when i open default domain security setting, then I go Local policies->User
> Rights assignment-> When I define these policy settings, I click on apply ,
> then it has an error msg "Administrator must be granted the logon local
> rights. "
> I know the "adminitrator" has a right to allow log on locally under "
> Default Domain controller security settings. " what else should I check ?
>
> Last question is that can I run Dcupdate in Win 2k3 instead of refreshpolcy
> ?
>
>
> "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
> news:iz7Sc.233010$a24.14924@attbi_s03...
> > If this is a domain controller you want to make sure that administrators
> is in the
> > setting for logon locally and that there is no overriding setting in deny
> logon
> > locally keeping in mind that administrators are in the users and everyone
> groups. I
> > would suggest that you define deny logon locally and add the guest account
> in Domain
> > Controller Security Policy. You should also check Local Security Policy on
> that
> > domain controller to see what the effective settings are for logon locally
> and deny
> > logon locally. If you change Domain Controller Security policy, run
> secedit
> > /refreshpolicy machine_policy /enforce on it to speed up change to local
> policy.
> >
> > If this is not a domain controller, look in the Local Security Policy of
> the server
> > for those two user rights and configure them appropriately keeping in mind
> that a
> > higher level policy such as a GPO for the Organizational Unit that the
> server is in
> > can override the local settings and if that is the case the GPO will have
> to be
> > modified to allow local logon. --- Steve
> >
> >
> > " Sara" <vaio9003@yahoo.com> wrote in message
> > news:etKruMvfEHA.2536@TK2MSFTNGP09.phx.gbl...
> > > Hi everyone,
> > >
> > > I change sth on my policy, like a month ago, and never restart my
> server.
> > > when I restart my server last night, and then I cant' logon as an
> > > administrator, since it said can't logon locally.
> > > I can only logon to my server by using remote desktop from other
> machine.
> > > I check on Default domain controller security settings, and under local
> > > policies- users right assignment.
> > > Allow lo on locally, I do see administrator in teh setting ?? what else
> > > should I check from here???
> > > Can anyone give me any advice. ? Thank you .
> > >
> > >
> >
> >
>
>
- Previous message: Darren Mar-Elia: "Re: installing software via Site GPO?"
- In reply to: Sara: "Re: I cant' logon to my server with an Administrator ."
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
