Local Policy doesn't allow logon interactively

G

Guest

We have a windows 2000 serve computer running Active Directory. The
workstations are Windows 2000 prof. Just recently we noticed we were unable
to log into any of the workstations locally as administrator. After
replacing the security file from the repair directory using recovery console
we were able to log in locally. As soon as we joined the domain we were no
longer able to log locally into the workstations. I checked locally policy
and domain policy on the server and for both the administrator was allowed
log on locally rights. The deny log on locally was not defined. I tried
creating a new group, assigning the administrator to that group, giving that
group the log on locally permission for the default domaig policy, creating a
new OU and assigning the default domain policy and still unable to log into
the workstations locally. I am certain it's a domain policy setting rather
than corrupt SID or registry hive on workstation because we only ever have
the issue after joining the domain. Any other suggestions?
 
L

lforbes

rbaker said:
We have a windows 2000 serve computer running Active
Directory. The
workstations are Windows 2000 prof. Just recently we noticed
we were unable
to log into any of the workstations locally as administrator.
After
replacing the security file from the repair directory using
recovery console
we were able to log in locally. As soon as we joined the
domain we were no
longer able to log locally into the workstations. I checked
locally policy
and domain policy on the server and for both the administrator
was allowed
log on locally rights. The deny log on locally was not
defined. I tried
creating a new group, assigning the administrator to that
group, giving that
group the log on locally permission for the default domaig
policy, creating a
new OU and assigning the default domain policy and still
unable to log into
the workstations locally. I am certain it's a domain policy
setting rather
than corrupt SID or registry hive on workstation because we
only ever have
the issue after joining the domain. Any other suggestions?

Hi,

In the Default Domain policy - Comp Config- Windows Settings -
Security Settings - Local Policies - User Rights assignment the
DEFAULT setting is "Not Defined". The ONLY Place that these User
Rights Assignments are defined by default is with the Defaut Domain
Controllers Group Policy.

Therefore someone set the policies in the Default Domain. Change all
to Not Defined and you should be fine.

IF you need to set User Rights Assignments in the future make sure you
create an OU for the computers and then create a new group policy and
set them there.

Cheers,

Lara
 
G

Guest

That did the trick. Thank you for your help.

lforbes said:
Hi,

In the Default Domain policy - Comp Config- Windows Settings -
Security Settings - Local Policies - User Rights assignment the
DEFAULT setting is "Not Defined". The ONLY Place that these User
Rights Assignments are defined by default is with the Defaut Domain
Controllers Group Policy.

Therefore someone set the policies in the Default Domain. Change all
to Not Defined and you should be fine.

IF you need to set User Rights Assignments in the future make sure you
create an OU for the computers and then create a new group policy and
set them there.

Cheers,

Lara

--
http://www.WindowsForumz.com/ This article was posted by author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.WindowsForumz.com/Group-Policy-Local-logon-interactively-ftopict242365.html
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.WindowsForumz.com/eform.php?p=740983
 
L

lforbes

That did the trick. Thank you for your help

No problem. Glad to help.

Cheers,

Lara
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top