domain user can't logon. help

[leegold]

Win2k, sp4

hi,
I can not log on to a particular computer with a particular
user/pw. On other computers I can log login with this
user/pw. So what I'm saying is there's a PC in a Domain
that gives the error info cited below when i try to login,
BUT only this PC has the problem - other ones gladly allow
this user to login. I have checked locally on the PC every
admin. setting i know of - I have done the obvious.

This is stumping me, what about this PC's config. prevents
this user from loggin on? Other users on this "problem PC"
can logon (if i hadn't mentioned this). Below is the error
message and the log info. I've googled it and found no
fixes. Help.
Thanks, Lee G.


"Your account is configured to prevent you from using this
computer. Please try another computer."

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 533
Date: 10/31/2003
Time: 3:43:07 PM
User: NT AUTHORITY\SYSTEM
Computer: XXX1100008487
Description:
Logon Failure:
Reason: User not allowed to logon at this computer
User Name: patronG0
Domain: LIBRARY
Logon Type: 2
Logon Process: User32
Authentication Package: Negotiate
Workstation Name: XXX1100008487

 

[Marina Roos]

Logon to that computer as administrator and add the 'problemuser' to the
allowed users in Users and Groups.

Marina

 

[leegold]

Logon to that computer as administrator and add the 'problemuser' to the
allowed users in Users and Groups.

Marina

Did that of course.

 

[Marina Roos]

Have you checked the policy on that computer to see if that user is allowed
to logon?

Marina

 

[Steven L Umbach]

Event ID 533 indicates that the computer that you are trying to log onto is not
included in the list of domain computers the user is allowed to log onto as
configured in the user account in Active Directory Users and Computers under
account/log on to next to the logon hours tab or use net user username on the domain
controller to see list of workstations user is allowed to logon to. An Event ID 534
failure would indicate that the user does not have logon access based on effective
settings in the computers Local Security Policy user rights. --- Steve

 

[leegold]

Have you checked the policy on that computer to see if that user is allowed
to logon?

Marina

Yes, locally on that computer I have.
Lee

 

[leegold]

Event ID 533 indicates that the computer that you are trying to log onto is not
included in the list of domain computers the user is allowed to log onto as
configured in the user account in Active Directory Users and Computers under
account/log on to next to the logon hours tab or use net user username on the domain
controller to see list of workstations user is allowed to logon to. An Event ID 534
failure would indicate that the user does not have logon access based on effective
settings in the computers Local Security Policy user rights. --- Steve

So, you're saying the problem is not local to the workstation,
but that I have make the adjustment on the domain controller ?
If so, I'll stop looking at the workstation and go to the server/
domain controller(?)

Thanks,
Lee

 

[Steven L Umbach]

Hi Lee. That is what I would check. Look at that users account in Active Directory
Users and Computers to see if he is restricted as to what domain computers he can log
onto in the account properties. That is what Event Id 533 indicates is the
roblem. --- Steve