RE: I shot my foot off almost and the Admin can't log into the server locally
From: Matt Trudewind[MSFT] (a-mattt_at_online.microsoft.com)
Date: 03/29/04
- Next message: Bill \(nee Gizmo\) Swan: "Re: SBS2003 - remote access with only static IP, no DNS registration"
- Previous message: Al Christoph: "RE: I shot my foot off almost and the Admin can't log into the server locally"
- In reply to: Tony Su: "I shot my foot off almost and the Admin can't log into the server locally"
- Next in thread: Al Christoph: "Re: I shot my foot off almost and the Admin can't log into the server locally"
- Reply: Al Christoph: "Re: I shot my foot off almost and the Admin can't log into the server locally"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 29 Mar 2004 20:46:22 GMT
--------------------
>
>Looks like you're not trying to logon locally at the
>console, you're logging on locally through an Internet
>Service/Application of some kind?
>
>127.0.0.1 may not be a member of the "Trusted"
>or "Intranet" zones.
>
>If that does not fit your situation, then pls repost
>exactly how you are trying to "logon locally," througn
>what interface/application.
>
>Tony Su
>
>
>
>
>>-----Original Message-----
>>Prior to today, the Adminnistrator account has been able
>to log in locally to the SBS 2003 server. (Let's not
>debate the merits of that.) I was screwing around on
>client pc's adding them to the server, etc, and now when I
>attempt to log into the server I get the infamous you are
>not allowed to log on locally message. Here are the
>details from the event log:
>>Logon Failure:
>> Reason: The user has not been granted the requested
>> logon type at this machine
>> User Name: Administrator
>> Domain: 3BEARS
>> Logon Type: 2
>> Logon Process: User32
>> Authentication Package: Negotiate
>> Workstation Name: AC2M2
>> Caller User Name: AC2M2$
>> Caller Domain: 3BEARS
>> Caller Logon ID: (0x0,0x3E7)
>> Caller Process ID: 432
>> Transited Services: -
>> Source Network Address: 127.0.0.1
>> Source Port: 0
>>
>>Two things are good
>>1. The Administrator account can still log on to the
>server from another PC on the netwrk.
>>2. I have a back up administrator and that works fine.
>>
>>I've tried many of the suggestions here and nothing seems
>to help.
>>
>>The only interesting thing that I saw was
>that "administrator" was missing from account on the
>Administrator's Proerty Page Account tab. Restoring that
>did not help.
>>
>>I've been all through both the local policies and group
>policies and have not spotted anything.
>>
>>Any more suggestions would be appreciated. I'll
>cheerfully report back on what I find.
>>
>>Regards,
>>Al
>>.
>>
>
Login with your other Admin account and check group membership of the Administrator account.
By default the Administrator should be a member of these groups:
Administrators, Domain Admins, Domain Users, Enterprise Admins, Group Policy Creators, Internet Users, Mobile Users, and Schema Admins.
If the Administrator is a member of any additional group then go ahead and remove him from those.
Matt Trudewind
Microsoft Product Support Specialist
This posting is provided "AS IS" with no warranties, and confers no rights.
- Next message: Bill \(nee Gizmo\) Swan: "Re: SBS2003 - remote access with only static IP, no DNS registration"
- Previous message: Al Christoph: "RE: I shot my foot off almost and the Admin can't log into the server locally"
- In reply to: Tony Su: "I shot my foot off almost and the Admin can't log into the server locally"
- Next in thread: Al Christoph: "Re: I shot my foot off almost and the Admin can't log into the server locally"
- Reply: Al Christoph: "Re: I shot my foot off almost and the Admin can't log into the server locally"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
