Solved

Remove User from "Local Security Settings" policiy

Posted on 2003-11-17
6
936 Views
Last Modified: 2010-04-14
I don't know why I am not able to remove users from my "Local Security Settings" for various policies on my Domain Controller.  It is causing some errors in the logs because there is a user that is assigned able to "Log in as batch job", yet this user account has been removed.

I am able to add any number of users I want to this, or any security policy, but there does not seems to be a way for me to remove the user.  I cannot change the "Effective Setting" of the policies either, as they are greyed out.  Thanks for the help...Not sure what I am missing.
0
Comment
Question by:barthalamu
  • 3
  • 2
6 Comments
 
LVL 5

Expert Comment

by:juliancrawford
ID: 9768300
Have you tried to use the command prompt.

>net users  
<--- to list the users

>net user test /del
<---- to remove username test
0
 

Author Comment

by:barthalamu
ID: 9772085
Juliancrawford:

The problem is that the user does not exist at all anymore.  The IUSR_computername user has been removed by uninstalling IIS, however in my "Local Security Policy", the user appears in a couple of policies.  This is causing some errors, and I cannot remove the user from the "Local Security Policy".  When I go to "Security" of a particular rule, I have an add button, but no remove button.

Thanks for the help.
0
 
LVL 84

Expert Comment

by:oBdA
ID: 9772768
Simply uncheck the box at the "Local Policy Setting" for the user in question.
Restart secpol.msc to actually see the change.
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 

Author Comment

by:barthalamu
ID: 9773220
oBdA:

Maybe I am still doing something wrong, but when I execute secpol.msc, then make my changes, then click on the top of the heirarchy "Security Settings", "Reload", it does not reflect the changes I made.  I.E. I uncheck the IUSR_computername user from the "local setting" of a rule. (it has an effective setting greyed out as checked)  After I reload, it does not take the IUSR_computername user out of the "Effective Settings" for that rule.

Thanks for the help.
0
 
LVL 84

Accepted Solution

by:
oBdA earned 350 total points
ID: 9773532
If it's unchecked in your "Local Settings", but still checked in the "Effective Settings", it's coming from a domain policy.
You can use gpresult.exe from the Resource Kit (or from http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/gpresult-o.asp) to find out where it's coming from.
0
 

Author Comment

by:barthalamu
ID: 9774131
oBdA:

Thanks for the help!!  This tool did not actually tell me what I wanted, since it works for the currently logged in user only. (and the user I was looking for was actually deleted, but the security policy was still in place for that user)  It did get me on the right track however.  I had though that I checked if it was coming from the "Domain Controller Security Policy", however I looked in the "Domain Security Policy" instead, where I did not see it of course.  I realized my mistake at that point and was able to fix it.

Thanks to you and juliancrawford for the help!
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
IT certifications are a concrete representation of continual learning on the part of the candidate.  Continual learning is necessary for the long term success of an IT professional, but are IT certifications the right path for you?
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question