Doman Controller Logon denied

C

Chris..

I have two users who are in the Domain Admin group who
recieve a "You do not have access to logon to this
Session" error when they attempt to RDP connect to any
Domain Controller.

This is a multi-site Win2k AD enabled domain. This is
only effecting these two users and not the other members
of the Domain admin group. I have gone into the domain
controller OU default Policy and ensured that the Domain
admin and even the IT group is allowed to logon locally
and still no joy.


HELP!!
 
L

LCI

Have you confirmed that they're not in another group that has been
explicitly denied access to the DCs? If windows finds both an allow and
a deny, it defaults to the deny.

--Jared
 
C

Chris

Verified that they were not in a blocked group and that
there isn't a specific group in the Deny Local Logon
section. I specifically added their domain accounts to
the allow section and that didn't work, so I've pulled
the specific accounts out.

So I can't see anything in the Default Domain
Controller's GPO that limits them. I'd hate to have to
touch each DC and force the local policy to allow
because, well that defeats the rational for domain level
GPO's, but I guess that's my next step.

Thanks Jared.... Anyone else have an idea?

Chris..
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Cannot Find Domain Controller 2
Domain Controller Security Policy vs. Domain Security Policy? 1
authentication problem 12
Logon Locally problem. 1
User account logon to domain 2
How can I log user logon/logoff time only on domain controller or workstations running windows 2000 1
Need help locking down a server 7
Still having permission problems 16

Top