Re: cannot logon locally

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 07/30/04 

Date: Thu, 29 Jul 2004 20:09:42 -0700

That process was for a machine that is not in a domain,
hence it began
> >If the machine is a stand-alone, then map C$ (or the
For a machine in a domain use a GPO that will apply
to the machine

Now - I am concerned as you say the machine is a PDC.
You mean you cannot log into the DC of your AD domain ?
Also, now that you did something following along with the
KB article 324800 you probable need to let us know which
parts you applied. How did you apply this anyway, given
that you cannot log into the machine, with the snap-in focused
on it over the network?. 

-- 
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"Jeff" <reboot4u@pronetisp.net> wrote in message
news:446401c47331$a77c9d10$a301280a@phx.gbl...
> Can you explain how to do this?  I tried to reset using
> the defaults in the KB article 324800 but nothing has
> changed.  Is the change done through a command line from
> another machine?  It is in a domain and is the PDC.  I
> tried mapping to the C$ drive but there was no tab to
> change any security settings.
>
> thanks in advance
> jeff
> >-----Original Message-----
> >If the machine is in a domain, then apply a GPO to it
> >that changes the log on locally (or deny of same) user
> >rights setting(s).
> >If the machine is a stand-alone, then map C$ (or the
> >equivalent) and then set a deny of full control for the
> >administrators group on the system32\group policy
> >folder.  Then log in, remove this deny and edit the
> >local policy to remove the obstructing setting.
> >
> >-- 
> >Roger Abell
> >Microsoft MVP (Windows Server System: Security)
> >MCSE (W2k3,W2k,Nt4)  MCDBA
> >"Jeff" <anonymous@discussions.microsoft.com> wrote in
> message
> >news:3c6001c472c4$c3fa8c30$a601280a@phx.gbl...
> >> Hi,
> >>
> >> I have a win2k3 server that no matter what I do, it will
> >> not let me logon locally.  I get the message "the local
> >> policy of this system does not permit you to logon
> >> locally".  I can access all files from another machine
> >> from an XP machine (through my network places).  But I
> >> can't logon when physically in front of the machine.  I
> >> can't get to it from a remote desktop either.  Is there
> >> any way to get back into this machine to change the
> policy
> >> back to allow local logins?
> >>
> >> Thanks
> >> jeff
> >
> >
> >.
> >

Relevant Pages

  • Re: Logon Failure: user is restricted
    ... GPO at the domain level and then have a different policy on your Default DC ... This is the right required to be able to logon to the console of a> desktop. ... GPOs are> powerful things that can screw up your entire network, so they qualify> more than most infrastructure changes as requiring good change management> processes. ...
    (microsoft.public.windows.group_policy)
  • Re: Logon script not working
    ... I edited the Default Domain Policy ... If I click on Show Files in that window, ... From the looks of it, other than the Acronis Remote GPO, which I assume ... So far we know the legacy method (Netlogon folder and specifying the logon ...
    (microsoft.public.windows.server.sbs)
  • Re: Stop Certain user accounts logging onto pc??
    ... just put that account into the "Deny Logon ... Locally" list and enable that policy. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Exclude from GPO ..
    ... Policy but to create a new GPO linked to the Domain level? ... and deny them the right to read or apply the gpo. ... but for the life of me cannot figure out how to exclude the user accounts ...
    (microsoft.public.windows.server.active_directory)
  • Re: Cached Credentials
    ... W2k in a domain will used cached logon credentials if a DC is not available, ... One thing you might do in the Local policy is disable the ... > If I have a GPO in place for my domain that secures ...
    (microsoft.public.win2000.security)
Quantcast