barthalamu
asked on
Remove User from "Local Security Settings" policiy
I don't know why I am not able to remove users from my "Local Security Settings" for various policies on my Domain Controller. It is causing some errors in the logs because there is a user that is assigned able to "Log in as batch job", yet this user account has been removed.
I am able to add any number of users I want to this, or any security policy, but there does not seems to be a way for me to remove the user. I cannot change the "Effective Setting" of the policies either, as they are greyed out. Thanks for the help...Not sure what I am missing.
I am able to add any number of users I want to this, or any security policy, but there does not seems to be a way for me to remove the user. I cannot change the "Effective Setting" of the policies either, as they are greyed out. Thanks for the help...Not sure what I am missing.
ASKER
Juliancrawford:
The problem is that the user does not exist at all anymore. The IUSR_computername user has been removed by uninstalling IIS, however in my "Local Security Policy", the user appears in a couple of policies. This is causing some errors, and I cannot remove the user from the "Local Security Policy". When I go to "Security" of a particular rule, I have an add button, but no remove button.
Thanks for the help.
The problem is that the user does not exist at all anymore. The IUSR_computername user has been removed by uninstalling IIS, however in my "Local Security Policy", the user appears in a couple of policies. This is causing some errors, and I cannot remove the user from the "Local Security Policy". When I go to "Security" of a particular rule, I have an add button, but no remove button.
Thanks for the help.
Simply uncheck the box at the "Local Policy Setting" for the user in question.
Restart secpol.msc to actually see the change.
Restart secpol.msc to actually see the change.
ASKER
oBdA:
Maybe I am still doing something wrong, but when I execute secpol.msc, then make my changes, then click on the top of the heirarchy "Security Settings", "Reload", it does not reflect the changes I made. I.E. I uncheck the IUSR_computername user from the "local setting" of a rule. (it has an effective setting greyed out as checked) After I reload, it does not take the IUSR_computername user out of the "Effective Settings" for that rule.
Thanks for the help.
Maybe I am still doing something wrong, but when I execute secpol.msc, then make my changes, then click on the top of the heirarchy "Security Settings", "Reload", it does not reflect the changes I made. I.E. I uncheck the IUSR_computername user from the "local setting" of a rule. (it has an effective setting greyed out as checked) After I reload, it does not take the IUSR_computername user out of the "Effective Settings" for that rule.
Thanks for the help.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
oBdA:
Thanks for the help!! This tool did not actually tell me what I wanted, since it works for the currently logged in user only. (and the user I was looking for was actually deleted, but the security policy was still in place for that user) It did get me on the right track however. I had though that I checked if it was coming from the "Domain Controller Security Policy", however I looked in the "Domain Security Policy" instead, where I did not see it of course. I realized my mistake at that point and was able to fix it.
Thanks to you and juliancrawford for the help!
Thanks for the help!! This tool did not actually tell me what I wanted, since it works for the currently logged in user only. (and the user I was looking for was actually deleted, but the security policy was still in place for that user) It did get me on the right track however. I had though that I checked if it was coming from the "Domain Controller Security Policy", however I looked in the "Domain Security Policy" instead, where I did not see it of course. I realized my mistake at that point and was able to fix it.
Thanks to you and juliancrawford for the help!
>net users
<--- to list the users
>net user test /del
<---- to remove username test