Re: Cannot logon to "(local machine)"

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 11/30/04 

Date: Tue, 30 Nov 2004 02:43:34 GMT

That is by design. You can only logon to the local computer with accounts
that exist in the local user database as shown by lusrmgr.msc because when
you logon to the local computer you are authenticating with the local sam.
Domain users must select the domain name when they logon - not the local
machine --- Steve

"nhlpens66" <nhlpens66@discussions.microsoft.com> wrote in message
news:8B22C6FB-40FF-492B-9004-0F222E2BEBE5@microsoft.com...
>I am able to logon with local accounts (locally only, of course); and with
> domain accounts through domain authentication only. I CANNOT logon to any
> domain accounts locally (local machine).
>
> "Steven L Umbach" wrote:
>
>> So you are not able to logon at all as that user?? If that is the case
>> enable auditing of logon events on the computer in question and account
>> logon events in Domain Controller Security Policy to see if any logon
>> failures are recorded and the reason for such. The error seems to
>> indicate
>> unknown user account or bad password. By default all domain users can
>> logon
>> to all domain computers except domain controllers. Make sure you are
>> logging
>> onto the correct domain or not the local machine on the computer in
>> question. Also check that the user has permissions to their local profile
>> which by default would be full control and also be owner. --- Steve
>>
>>
>> "nhlpens66" <nhlpens66@discussions.microsoft.com> wrote in message
>> news:7C8963B1-F2CE-43E4-B3E0-8985E3D2B93B@microsoft.com...
>> >I setup roaming profiles and can logon to my domain for each user.
>> >However,
>> > when I try to compare the original local profile with the new roaming
>> > profile side-by-side, I get this error message:
>> >
>> > "The system could not log you on. Make sure your User name and Domain
>> > are
>> > correct..."
>> >
>> > I get this when attempting to log on locally to the machine with the
>> > original, local profile.
>> >
>> > I tried setting the "Allow log on locally" policy under Computer
>> > Configuration/Windows Settings/Security Settings/Local Policies/User
>> > Rights
>> > Assignment".
>> >
>> > I added the users group. I even added the user explicitly.
>> >
>> > Am I missing a step when applying this policy? I can email my
>> > gpresults
>> > if
>> > you'd like. Everything appears to be in order.
>> >
>> > --
>> > Jim
>>
>>
>>

Relevant Pages

  • Re: Domain unavailable for some logons
    ... You probably have a dns problem and the computer that you can not logon to ... with the domain account can not find the domain controller. ... > couple logon accounts for most of the 25 PC's. ...
    (microsoft.public.win2000.security)
  • Re: Domain Password Security
    ... accounts need to use complex passwords and minimum of ntlmv2 should be used for lan ... Services Client and configuring authentication level on Domain Controller Security ... controllers if you have all W2K/XP computers. ... I also recommend you enable auditing of account logon and logon ...
    (microsoft.public.win2000.security)
  • Re: Domain Password Security
    ... Domain Controller Security ... >controllers if you have all W2K/XP computers. ... >administrator accounts only when needed to, ... account logon and logon ...
    (microsoft.public.win2000.security)
  • Re: User Login
    ... filtering so that only this group gets the deny logon locally privilegs. ... the domain group called Domain Users is a member of the local ... put those user accounts into domain group and apply a GPO to the OU ... "Meinolf Weber" wrote: ...
    (microsoft.public.windows.server.active_directory)
  • Re: RODC ...
    ... Win2003 DCs with RODC the WAN link between the RODC and RWDC goes ... Only then the users are able to logon if the WAN link is down. ... The Password Replication Policy acts as an access control list. ... The Password Replication Policy lists the accounts that are permitted ...
    (microsoft.public.windows.server.active_directory)
Loading