Solved

Remove User from "Local Security Settings" policiy

Posted on 2003-11-17
6
933 Views
Last Modified: 2010-04-14
I don't know why I am not able to remove users from my "Local Security Settings" for various policies on my Domain Controller.  It is causing some errors in the logs because there is a user that is assigned able to "Log in as batch job", yet this user account has been removed.

I am able to add any number of users I want to this, or any security policy, but there does not seems to be a way for me to remove the user.  I cannot change the "Effective Setting" of the policies either, as they are greyed out.  Thanks for the help...Not sure what I am missing.
0
Comment
Question by:barthalamu
  • 3
  • 2
6 Comments
 
LVL 5

Expert Comment

by:juliancrawford
ID: 9768300
Have you tried to use the command prompt.

>net users  
<--- to list the users

>net user test /del
<---- to remove username test
0
 

Author Comment

by:barthalamu
ID: 9772085
Juliancrawford:

The problem is that the user does not exist at all anymore.  The IUSR_computername user has been removed by uninstalling IIS, however in my "Local Security Policy", the user appears in a couple of policies.  This is causing some errors, and I cannot remove the user from the "Local Security Policy".  When I go to "Security" of a particular rule, I have an add button, but no remove button.

Thanks for the help.
0
 
LVL 83

Expert Comment

by:oBdA
ID: 9772768
Simply uncheck the box at the "Local Policy Setting" for the user in question.
Restart secpol.msc to actually see the change.
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 

Author Comment

by:barthalamu
ID: 9773220
oBdA:

Maybe I am still doing something wrong, but when I execute secpol.msc, then make my changes, then click on the top of the heirarchy "Security Settings", "Reload", it does not reflect the changes I made.  I.E. I uncheck the IUSR_computername user from the "local setting" of a rule. (it has an effective setting greyed out as checked)  After I reload, it does not take the IUSR_computername user out of the "Effective Settings" for that rule.

Thanks for the help.
0
 
LVL 83

Accepted Solution

by:
oBdA earned 350 total points
ID: 9773532
If it's unchecked in your "Local Settings", but still checked in the "Effective Settings", it's coming from a domain policy.
You can use gpresult.exe from the Resource Kit (or from http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/gpresult-o.asp) to find out where it's coming from.
0
 

Author Comment

by:barthalamu
ID: 9774131
oBdA:

Thanks for the help!!  This tool did not actually tell me what I wanted, since it works for the currently logged in user only. (and the user I was looking for was actually deleted, but the security policy was still in place for that user)  It did get me on the right track however.  I had though that I checked if it was coming from the "Domain Controller Security Policy", however I looked in the "Domain Security Policy" instead, where I did not see it of course.  I realized my mistake at that point and was able to fix it.

Thanks to you and juliancrawford for the help!
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
This video discusses moving either the default database or any database to a new volume.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now