Remove User from "Local Security Settings" policiy

I don't know why I am not able to remove users from my "Local Security Settings" for various policies on my Domain Controller.  It is causing some errors in the logs because there is a user that is assigned able to "Log in as batch job", yet this user account has been removed.

I am able to add any number of users I want to this, or any security policy, but there does not seems to be a way for me to remove the user.  I cannot change the "Effective Setting" of the policies either, as they are greyed out.  Thanks for the help...Not sure what I am missing.
barthalamuAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

juliancrawfordCommented:
Have you tried to use the command prompt.

>net users  
<--- to list the users

>net user test /del
<---- to remove username test
0
barthalamuAuthor Commented:
Juliancrawford:

The problem is that the user does not exist at all anymore.  The IUSR_computername user has been removed by uninstalling IIS, however in my "Local Security Policy", the user appears in a couple of policies.  This is causing some errors, and I cannot remove the user from the "Local Security Policy".  When I go to "Security" of a particular rule, I have an add button, but no remove button.

Thanks for the help.
0
oBdACommented:
Simply uncheck the box at the "Local Policy Setting" for the user in question.
Restart secpol.msc to actually see the change.
0
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

barthalamuAuthor Commented:
oBdA:

Maybe I am still doing something wrong, but when I execute secpol.msc, then make my changes, then click on the top of the heirarchy "Security Settings", "Reload", it does not reflect the changes I made.  I.E. I uncheck the IUSR_computername user from the "local setting" of a rule. (it has an effective setting greyed out as checked)  After I reload, it does not take the IUSR_computername user out of the "Effective Settings" for that rule.

Thanks for the help.
0
oBdACommented:
If it's unchecked in your "Local Settings", but still checked in the "Effective Settings", it's coming from a domain policy.
You can use gpresult.exe from the Resource Kit (or from http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/gpresult-o.asp) to find out where it's coming from.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
barthalamuAuthor Commented:
oBdA:

Thanks for the help!!  This tool did not actually tell me what I wanted, since it works for the currently logged in user only. (and the user I was looking for was actually deleted, but the security policy was still in place for that user)  It did get me on the right track however.  I had though that I checked if it was coming from the "Domain Controller Security Policy", however I looked in the "Domain Security Policy" instead, where I did not see it of course.  I realized my mistake at that point and was able to fix it.

Thanks to you and juliancrawford for the help!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.