Link to home
Start Free TrialLog in
Avatar of Magothytech1
Magothytech1Flag for United States of America

asked on

Administrator can't log into SBS 2003

We have a SBS 2003 Dell server that had been running great. For whatever reason we can no longer log into it with either the Administrator account or an account that I have create as a backup account. The only way I could log into the system was with the "GUEST" account.

I should have noted the exact error message... was something like:
       "Your account has not been granted to requested rights to log on..."

Obvious some settings have changed...I asked the owner what had happened since I was last onsite and he said that one of their vendors had remoted into the server to do some application maintenance on JobBOSS (an app they run). No we have this login issue.
Is there an easy way to restore the security settings without loosing current configurations?

Oddly enough the "GUEST" account has been granted admin rights (Crazy I know)
I didn't want to make any changes while they were up and running...we do have this coming Sunday schedule to try and repair the issue.
I had hoped that someone has seen this before and may have a clean solution that would provide a resolution.
My best
Avatar of Brian Pierce
Brian Pierce
Flag of United Kingdom of Great Britain and Northern Ireland image

Have they renmaed the administrator account? This is good practice - however granting admin rights to guest is not !

If you can log in with an account that has administrator privilages then you can find out.

If necessary assign the administrator rights back to the administrator account.

This incident shows the benefits of more than one account with admin privilages. The administrator accoint needs to be a member of:
Administrators
Enterprise Administrators
Domain Administrators
Group Policy Creator Owners
Schema Administrators
Avatar of Magothytech1

ASKER

Hi KCTS I did check the admin account it it had not been renamed.

When we try and log in with the admin account it reconizes the account and password...but it give the login error.
Avatar of Jeremy Weisinger
Jeremy Weisinger

Run RSoP in logging mode and see if any of the User Rights Assignments have changed. Specifically the rights pertaining to logon. Be suer not to mess with the guest account until you have an Administrator account working properly.
From an Administrative Workstation (one with the Admin Tools installed) log in with the Admin account for the domain.

Open ADUC.
Right click on the domain and select Properties.
On the Group Policy tab, select the Default Domain Controller Policy and press Edit.
Find the following element:

Computer Configuration>Windows Settings>Security Settings>Local Policies>User Rights Assignment:

Deny Logon locally

Make sure Administrators is NOT in there.

AND

Allow Logon Locally

Make sure the following are in there:
Account Operators
Administrators
Backup Operators
IUSR_{servername}
Print Operators
Server Operators

If you make changes, allow time to apply (it may take 90 minutes).

Let us know.
@Netman66 "(it may take 90 minutes)"
Only for workstations and member servers. Since it's a DC, group policy refreshes every 5 minutes. Or you can run "gpupdate /force".
I have to check for myself but i am being told that the "Default Domain Controller Policy " had been deleted. Why would this be and if so how best to recover?
Can you logon the console? Or is the problem strictly remote?
As above if remote.
Otherwise, ERD Commander 2005 will give you to the required tool to reset the Admin password with one reboot.

Philip
ASKER CERTIFIED SOLUTION
Avatar of Netman66
Netman66
Flag of Canada image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I have been looking for their static IP address so that I can try a remote login. I don't login to their server often and they recently chnages ISPs so i still have the old address listed. I do beleive that the admin account will be able to login via RDC, but I probally won't know for sure until Sunday when Iam onsite.

We have some great suggestions and I really appreciate all the input...I wish I could be onsite their sooner...if I get an more info before Sunday I'll post it.

Thanks again and enjoy the holiday!
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Hi all - I'm here onsite now and the administrator account can't log on at the console BUT CAN login with the administrator account via RDC on an XP-PRO box.

I try to update the group policy and nothing seems to help.'

I have run DCGPOFIX several times and RSOP anlong with  GPUPDATE /FORCE

NOTHING has worked
Any suggestions?
When I run the Group Policy results from a RDC session for the Administrator I receive the following:

Overlapped I/O operation is in progress

Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available.

Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 7/5/2007 6:55:35 PM and 7/5/2007 6:55:35 PM.

What is the cause of this and what our resolution?
Here's the latest after a servre reboot:
 Well now when I try to log into the server from the console I am receiving:

  "The local policy of this system does not permit you to logon interactively"

Here's the latest after a servre reboot:
 Well now when I try to log into the server from the console I am receiving:

  "The local policy of this system does not permit you to logon interactively"

This link is really close to the issue we are having...but it hasn't resolved the issue:

http://support.microsoft.com/kb/841188
If you have IIS on that server, try this from the RDP session:

Open a Command Prompt window
Drill down into C:\Inetpub\AdminScripts (or wherever your inetpub is)
from that folder run "cscript.exe synciwam.vbs -v"

Let us know.

Solution solved by going through the step in the KB-841188 and then installed SP-2

The server had been running SP1

Now everything is GREAT again!

Thanks to all!