Re: 2003 domain - Group Policy problem



Hello Frank.
The first question can be addressed if you grant the particular account the following rights:
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment\Log on as a service
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment\Allow log on locally

You probably have some GPOs that "break" some security settings, and that's why you have the issues with non-administrators. You have to find out which GPO locks down the desktops too much.

rsop.msc and gpresult /v are tools that can be run from the client side or against the client to help with troubleshooting.

--
Regards
Christoffer Andersson, TrueSec
Executive Consultant
Microsoft MVP - Directory Services
----------------------------------------------------------------
http://www.chrisse.se - Active Directory Resources

"Frank Jacobs" <FrankJacobs@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:517CCA9D-F916-467E-919D-5EC76EBE7EF9@xxxxxxxxxxxxxxxx
Recently we replaced a Windows 2000 SBS server in the domain.
We changed the domain name, installed a new Windows 2003 SP1 server with Exchange
2003 SP2. Then we added member servers (static IP) and clients (DHCP) to the
new 2003-domain.
Everything seemed to work great, until problems started to occur:
1. We have scheduled tasks running on a member server. The tasks run over
network, they work if we make the task new and let it run immediately. Next
day we get: "COULD NOT START"
Log error:
"asstop.job" (asstop.bat) 22/09/2006 9:20:00 ** ERROR **
The attempt to log on to the account associated with the task failed,
therefore, the task did not run.
The specific error is:
0x80070569: Logon failure: the user has not been granted the requested logon
type at this computer.
Verify that the task's Run-as name and password are valid and try again.
(WE RUN AS DOMAIN ADMINISTRATOR)

2. Most important bad behaviour: when clients (2000 or XP) that are not
domain admins (like 98% of them) log on to a PC where they are local admin,
the client hangs. We get the desktop entirely in blue (no start button,
shortcuts, ...). The only thing we can do is Ctrl-Alt-Del and log off.
When I run this command on the client as domain admin it works again for a few hours:
secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

please assist

Regards;
Frank Jacobs
SBS2003 Specialist.
