Remove User from "Local Security Settings" policiy

I don't know why I am not able to remove users from my "Local Security Settings" for various policies on my Domain Controller.  It is causing some errors in the logs because there is a user that is assigned able to "Log in as batch job", yet this user account has been removed.

I am able to add any number of users I want to this, or any security policy, but there does not seems to be a way for me to remove the user.  I cannot change the "Effective Setting" of the policies either, as they are greyed out.  Thanks for the help...Not sure what I am missing.
barthalamuAsked:
Who is Participating?
 
oBdAConnect With a Mentor Commented:
If it's unchecked in your "Local Settings", but still checked in the "Effective Settings", it's coming from a domain policy.
You can use gpresult.exe from the Resource Kit (or from http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/gpresult-o.asp) to find out where it's coming from.
0
 
juliancrawfordCommented:
Have you tried to use the command prompt.

>net users  
<--- to list the users

>net user test /del
<---- to remove username test
0
 
barthalamuAuthor Commented:
Juliancrawford:

The problem is that the user does not exist at all anymore.  The IUSR_computername user has been removed by uninstalling IIS, however in my "Local Security Policy", the user appears in a couple of policies.  This is causing some errors, and I cannot remove the user from the "Local Security Policy".  When I go to "Security" of a particular rule, I have an add button, but no remove button.

Thanks for the help.
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
oBdACommented:
Simply uncheck the box at the "Local Policy Setting" for the user in question.
Restart secpol.msc to actually see the change.
0
 
barthalamuAuthor Commented:
oBdA:

Maybe I am still doing something wrong, but when I execute secpol.msc, then make my changes, then click on the top of the heirarchy "Security Settings", "Reload", it does not reflect the changes I made.  I.E. I uncheck the IUSR_computername user from the "local setting" of a rule. (it has an effective setting greyed out as checked)  After I reload, it does not take the IUSR_computername user out of the "Effective Settings" for that rule.

Thanks for the help.
0
 
barthalamuAuthor Commented:
oBdA:

Thanks for the help!!  This tool did not actually tell me what I wanted, since it works for the currently logged in user only. (and the user I was looking for was actually deleted, but the security policy was still in place for that user)  It did get me on the right track however.  I had though that I checked if it was coming from the "Domain Controller Security Policy", however I looked in the "Domain Security Policy" instead, where I did not see it of course.  I realized my mistake at that point and was able to fix it.

Thanks to you and juliancrawford for the help!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.