Re: The local policy of this system does not permit you to logon i

Hi Les

Thanks but tried this & it made no difference

Help!!!:)


"Les Connor [SBS MVP]" <les.connor@xxxxxxxxxxxx> wrote in message
news:196B2A66-81E9-4477-8DD7-49CE7BFAC801@xxxxxxxxxxxxxxxx
mobile users is the problem, I believe.

--
Les Connor [SBS MVP]
________________________
Get the SBS BPA here:
http://support.microsoft.com/kb/940439/en-us


"Franky" <frankie_600@xxxxxxxxxxxxx> wrote in message
news:5MadnU4A2_r8xGLanZ2dnUVZ8tignZ2d@xxxxxxxxx
Hi Matabra

I have checked the security policies & the administrator profile is not
in any of the "Deny" settings. I then had a look (&that's all I did) as
I am not to comfy with GPO's so any additional advice would be most
welcome

The administrator is a member of the following:-
Administrators, Domain Admins, Domain Users, Enterprise Admins, Group
Policy Creator Owners, Mobile Users & Schema Admins

Is this correct as I assumed so from previous information I have
researched



"Matabra" <Matabra@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6F27FAEA-F704-4A58-8E2D-7F652097BA70@xxxxxxxxxxxxxxxx
Hi,

Check in the security policys, and all GPO's as to whether the
Administrator
group is in the "Deny local logon" or anything like that. Denys will
always
take precedence over allows.

Is the administrator in any groups other than Administrators and Domain
Users?

Is the administrators group itself nested in any other groups?

The problem has to lie somewhere in your Local Security policy, Domain
Security policy or a diferent GPO

Give me a yell if you still have no joy!

Matt

"Franky" wrote:

Hi Matt

Here is my original post (sorry for the duplication)

1) We were asked to look at a SBS 2003 server & found that the group
policy
has somehow been altered & we decided to do a complete re-install of
the
system. We did a standard install & everything appeared to be running
correctly for about the last month or so we thought, though we had not
rebooted the server at all since we rebuilt it.

2) As this company had no backup device we purchased & shut the server
down
& then fitted backup device & brought server up only to find we could
not
login to the SBS server using the admin UID & PWD. I started to panic
at
this stage as the error given is as follows:-

"the local policy of this system does not allow you to logon
interactively"

After checking for this error I followed this guide

http://support.microsoft.com/kb/841188

did not work for me though from the article above I found it was
possible to
login to the SBS via RDP & I could use the admin UID & PWD!!

even though I could login the via RDP the problems don't end there as
if I
try to run a program using the "run as" command I receive an error
advising
:-

"Logon Failure: the user has not been granted the requested logon type
at
this computer"

I guess this is because the administrator cannot log on so I then
checked
the local policy by running secpol.msc and then checked Security
Settings->Local Policies->User Rights Assignment->Log on Locally

the administrator is already there though I did note that you can not
add/remove any groups

I then checked the Domain Controller Security Policy & checked that the
administrator was allowed to "log on locally" & it is there so I am a
little
stumped as to the cause & was hoping someone has been through this
before
who can assist

I have also created an additional account with the admin template but I
continue to recevie this error

Any help appreciated

Paul

Thanks in advance

"Matabra" <Matabra@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E13FCAED-AA9C-4839-8D42-BCC4C54506F1@xxxxxxxxxxxxxxxx
Franky,

Are you having the problem with the domain admin account or another
account
trying to log onto the server?

Matt

"Franky" wrote:

Hi

I am experiencing exactly this problem & have found no resolution to
this
as
of yet

Les has given me some guides to follow though you may want to try
the
following guide

http://support.microsoft.com/kb/841188

Hope this helps

Paul

"MSExchangeStudent" <exchangestudent@xxxxxxxxxxxxxx> wrote in
message
news:u1nge9vmIHA.5084@xxxxxxxxxxxxxxxxxxxxxxx

"Matabra" <Matabra@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:3339FAC5-27A7-4B2B-83B6-479E2A2E7FCD@xxxxxxxxxxxxxxxx
The reason for this is that he is trying to log directly onto the
server.
He
will need to be given the "allowed to log on interactively" right

Ok, i will do that.Thanks

I assume this is related to your earlier post.. Do you trust this
person?
if
so, give him Domain Admin rights for long enough to install his
app,
then
remove him from that group.
I did that in the meanwhile while waiting for your reply and you
confirm
the same. 100%. thanks you very much

Depends also whether this is a production network or test
network, and
what
security policies are in place.

"MSExchangeStudent" wrote:

A user get this when trying to log on directly onto the server
with
his
credentials but when i use the exact same credentials and log in
via
RDC
from a different location i can get in.

He is allready granted "Allow logon throught terminal
services...right"?
Why is this happening?















.

Relevant Pages

  • Re: Help setting up HIGH END user rights (higher than ADMIN)
    ... there to fix things when all your delegated admins and other security ... MUST trust them. ... > everyone needs to log into it as Administrator so they can run a job. ... > nothing is stopping the Admin to edit their profile and give themselves HR ...
    (microsoft.public.windowsxp.security_admin)
  • Re: How can admin not have access to certain shares?
    ... is hiring a system administrator but wants to have some data that is ... but the admin can change the auditing. ... security events, as this has no place in securing our data. ... security and compliance perspective then doing nothing at all. ...
    (microsoft.public.windows.server.security)
  • Re: The local policy of this system does not permit you to logon i
    ... Les Connor [SBS MVP] ... I have checked the security policies & the administrator profile is not in any of the "Deny" settings. ... The problem has to lie somewhere in your Local Security policy, ...
    (microsoft.public.windows.server.sbs)
  • [NT] User Downgraded from Administrator to User Retains the Ability to List Other Users Running Task
    ... Beyond Security would like to welcome Tiscali World Online ... Windows XP presents a new option called "Fast User Switching" (FUS). ... Eitan has found that if a user is downgraded from an administrator role to ... as shown in task manager)) via tempting the local ...
    (Securiteam)
  • Re: IP Packet Filter
    ... with User Account Controls in Windows Vista, ... including members of the Administrator group. ... admin permissions all the time. ... prevent the malware from subverting security policies entirely then you ...
    (microsoft.public.win32.programmer.networks)
Quantcast