Local Login Policy/Effective Policy does not grant login, Windows

[Guest]

Windows 2000 server has local accounts and local user accounts are not able
to "Log on Locally".

The "Log on Locally" local rights exist, but they are overwritten by the
effective rights which are blank. As a result the local user is not able to
login to the computer.

The server was connected to a domain, but it was removed for trouble
shooting purposes.

I've been using 1.)secedit to refresh the security policy, 2.) gpresult to
view the group policies that are effective on the system, 3.) gpedit.msc to
view the local policy.

What can be done so that "Log on Locally" is granted to the local user
accounts?

Thanks,
Jim

 

[Steven L Umbach]

Check to make sure that the computer shows that it is no longer a member of
the domain but is instead in a workgroup. If that is the case and you are
having such problem it could be that the local secedit.sdb is corrupt. The
link below may be worth a try. The built in local administrator account
should be able to logon. You may first want to use the Security
Configuration and Analysis snapin to see what it reports for security
settings. If possible try to add users to the list of groups allowed to
logon locally if it does not contain that group currently and reboot the
computer. Any groups/users in deny logon locally will override logon locally
user right. --- Steve

http://www.jsifaq.com/SUBH/TIP3500/rh3561.htm
http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/seconfig.mspx
--- how to use SCA tool.

 

[Guest]

Tried by move the secedit.mdb but it was in use by another process. What
needs to be done to move the file?

 

[Steven L Umbach]

You might try booting into safe mode to see if that helps. Also see the link
below on using esentutl to try to repair secedit.sdb. --- Steve

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_scetroubletn.mspx