-----Original Message-----
That domain behavior results from groups listed in the
log on locally and log on over the network user rights
(XP introduced the two deny versions of these, which
are not used in a default domain joining).
You have verified that Users group is grant the log on
locally user right, that the account is in Users, and that
there is no group in the Deny local logon user right that
has as a member the account.
If in the Auditing policies you have login events being
audited for success and failure, it is totally bizarre that
you are not receiving any events in an otherwise functioning
security event log.
What are the NTFS settings on the account's profile ?
Does the account have Full control of its own profile ?
(above does not align with message reported, but . . .)
Is there a registry.pol file in the folder
system32\GroupPolicy\User ?
--
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4) MCDBA
I did verify that the security log is configured
correctly. I have tried verifying that with using an
incorrect password and I did come up with an event on the
security log.
This problem is behavior consistant with a domain
evironment where a user is allow to log onto only specific
PCs. Thus the rub, I'm a standalone PC. :-(
-----Original Message-----
Go into Computer Management/Event Viewer/security log
and
clear [right click/clear
all events] it to see if it helps. If it does then set your security log to overwrite
events as needed. --- Steve
I did try to recreate the account with the same
memeberships and even tried to create other new accounts,
all with the same result. I do have logging enabled. That
was interesting as well, the security log isn't showing
anything. Since my son isn't being allowed to log on,
it's not coming up with an error such as a wrong password.
Any idea what the deal is?
Toli
-----Original Message-----
If you define a new limited account (one with group
memberships equal to those of your son's problem
account) does it show any login issues ?
You seem to have covered the bases as far as user rights
are concerned.
What is showing in the security event log (assuming you
have event logging enabled) ?
--
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4) MCDBA
I've run accross an interesting problem. I have my
son's
account that's getting the following popup at log on.
"your account is configured to prevent you from using
this computer"
I'm on a stand alone pc. I dont have him in the "deny
logon locally" on security policy, nor is he a member
of
a group that's affected by that policy. I do have him
in
the user's group, which can log on locally. It seems
that
only members of the local adminstrators group can log
onto this PC. He was able to log on recently, and I
haven't messed with the local group policy.
Any ideas?
Thanks
.
.
.