2000 server "interactive login prohibeted"

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I made a "small" mistake when configuring my local user policy on my windows 2000 server with active directory. I seemed to have prohibited any and all users from loging onto the server. Desktop logins are working okay. I do not have it configured for terminal services so I can not log in remotely and fix it. Is there anyway of fixing it without re-installing windows? Is there a way of going back to the default security policy without killing all my user accounts in active directory?
Any help or advice is very much appreciated.
 
Anton said:
I made a "small" mistake when configuring my local user policy on my
Click to expand...
windows 2000 server with active directory. I seemed to have prohibited any
and all users from loging onto the server. Desktop logins are working okay.
I do not have it configured for terminal services so I can not log in
remotely and fix it. Is there anyway of fixing it without re-installing
windows? Is there a way of going back to the default security policy without
killing all my user accounts in active directory?
Any help or advice is very much appreciated.
Click to expand...

You don't need Terminal services to access the server. Locate a W2K client
on the network/domain and run adminpak.msi off the server's CD (I386
directory) and modify the domain or server security with the MMC snap-ins.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;216999
 
Anton said:
Thank you. I installed that adminpak.msi and then went to load the various
Click to expand...
snapin's. Everyimte I went to connect to the domain controller it said that
it could not be found. I can aunthenticate to the domain okay without any
problems, but so far I have not been able to get into it at all. Woud you
have any other suggestions or am I missing something obvious that you know
of? I appreciate the help.

Doesn't make sense, you are authenticated on the domain but can't locate a
domain controller? Are you running the MMC console with appropriate
privileges for DC access? Does pinging the DC name succeed? How many DCs are
present? Is DNS running on the network? etc
 
Now don't laugh, but we have one domain controller and 3
pc's. Not exactly a big network. I am using static IP and
no DNS. They can ping each other fine. They are all
Windows 2000 pc's. I did get my problem fixed though, by
downloading "ntrights.exe" from the 2003 Rsource Kit and
then running it with a few command switches. I still have
some other "non-critical" bugs to fix. I am going to check
on the priviledges that you mentioned earlier. I also can
not "browse" the 3 pc's from the server. The pc's can see
each other fine, and they see the server fine, but not the
other way. The pc's authenticate fine and server shares
works great. It just does not go the other way. I am
thinking I need to configure DNS. I am new at this so I am
still in the learning curve. Thanks again for the help. I
have so much to learn.
 
Now don't laugh, but we have one domain controller and 3
pc's. Not exactly a big network. I am using static IP and
no DNS. They can ping each other fine. They are all
Windows 2000 pc's. I did get my problem fixed though, by
downloading "ntrights.exe" from the 2003 Rsource Kit and
then running it with a few command switches. I still have
some other "non-critical" bugs to fix. I am going to check
on the priviledges that you mentioned earlier. I also can
not "browse" the 3 pc's from the server. The pc's can see
each other fine, and they see the server fine, but not the
other way. The pc's authenticate fine and server shares
works great. It just does not go the other way. I am
thinking I need to configure DNS. I am new at this so I am
still in the learning curve. Thanks again for the help. I
have so much to learn.
Click to expand...

Its worth both running a DNS server and knowing DNS inside-out whenever you
are dealing with W2K or XP. W2K clients, including servers, resolve via DNS
quite eficiently (add that to the fact that DNS provides forwarders to query
on behalf of clients).

Note that a client will a)consult host file, b)query a dns server, c)consult
lmhost file, d)broadcast in netbios and e)Wins server. With the last 3 not
neccessarily in that order. Not having a DNS server on the network has a
serious traffic implication.

If you can't browse from the server, it's probably cause nbt is disabled and
no DNS server is provided. Regardless, a DNS server is practically a
requirement on a modern network. Whats certain is that a strong knowledge of
DNS is very helpful. DNS is why the W2K network architecture is built the
way it is(a hierarchy).

Required reading:
http://www.microsoft.com/windows2000/techinfo/howitworks/communications/name
adrmgmt/w2kdns.asp

 
You must log in or register to reply here.

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Windows 2000 - Windows 2003 Combination/Licenses 1
The Server machine does not allow the login of active directory user 1
Windows 2000 server 1
Terminal Servers Profile 1
Terminal services user login on a 2000 server 2
Windows 2000 very slow 1
Testing - Can Administrator login as a user without the user's password? 2
Error "the local policy of this system does not permit you to logon interactively" 3

Back
Top