G
Guest
I installed Live Communications Sever 2k5 on a Windows 2k3 Server(DC). Now
on all my 2k member servers, I cannot login to the system with the
Administrator account on the domain. The servers are under an OU in my AD
which is governed by a GP. I have changed that GP to specifically allow
logon locally to the Administrator account, but it does not affect the
action.
Here's where it gets really nuts. When I use ntrights to revoke the deny
permission ( -r SeDenyInteractiveLogonRight), and to grant the allow
permission (+r SeInteractiveLogonRight) against the servers in question, the
user is then allowed to logon locally. However, when the GP policy synchs
up, the user is no longer allowed to logon locally. What I've done
temporarly is set a scheduled .cmd file to use the ntrights program to set
the permissions every 10 min, but that is garbage and I'd really like to get
this fixed properly.
Has anybody seen anything like this, or have any insight as to what I can do
to fix this?
Thanks,
Eric
on all my 2k member servers, I cannot login to the system with the
Administrator account on the domain. The servers are under an OU in my AD
which is governed by a GP. I have changed that GP to specifically allow
logon locally to the Administrator account, but it does not affect the
action.
Here's where it gets really nuts. When I use ntrights to revoke the deny
permission ( -r SeDenyInteractiveLogonRight), and to grant the allow
permission (+r SeInteractiveLogonRight) against the servers in question, the
user is then allowed to logon locally. However, when the GP policy synchs
up, the user is no longer allowed to logon locally. What I've done
temporarly is set a scheduled .cmd file to use the ntrights program to set
the permissions every 10 min, but that is garbage and I'd really like to get
this fixed properly.
Has anybody seen anything like this, or have any insight as to what I can do
to fix this?
Thanks,
Eric