Solved

Remove User from "Local Security Settings" policiy

Posted on 2003-11-17
6
939 Views
Last Modified: 2010-04-14
I don't know why I am not able to remove users from my "Local Security Settings" for various policies on my Domain Controller.  It is causing some errors in the logs because there is a user that is assigned able to "Log in as batch job", yet this user account has been removed.

I am able to add any number of users I want to this, or any security policy, but there does not seems to be a way for me to remove the user.  I cannot change the "Effective Setting" of the policies either, as they are greyed out.  Thanks for the help...Not sure what I am missing.
0
Comment
Question by:barthalamu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 5

Expert Comment

by:juliancrawford
ID: 9768300
Have you tried to use the command prompt.

>net users  
<--- to list the users

>net user test /del
<---- to remove username test
0
 

Author Comment

by:barthalamu
ID: 9772085
Juliancrawford:

The problem is that the user does not exist at all anymore.  The IUSR_computername user has been removed by uninstalling IIS, however in my "Local Security Policy", the user appears in a couple of policies.  This is causing some errors, and I cannot remove the user from the "Local Security Policy".  When I go to "Security" of a particular rule, I have an add button, but no remove button.

Thanks for the help.
0
 
LVL 85

Expert Comment

by:oBdA
ID: 9772768
Simply uncheck the box at the "Local Policy Setting" for the user in question.
Restart secpol.msc to actually see the change.
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 

Author Comment

by:barthalamu
ID: 9773220
oBdA:

Maybe I am still doing something wrong, but when I execute secpol.msc, then make my changes, then click on the top of the heirarchy "Security Settings", "Reload", it does not reflect the changes I made.  I.E. I uncheck the IUSR_computername user from the "local setting" of a rule. (it has an effective setting greyed out as checked)  After I reload, it does not take the IUSR_computername user out of the "Effective Settings" for that rule.

Thanks for the help.
0
 
LVL 85

Accepted Solution

by:
oBdA earned 350 total points
ID: 9773532
If it's unchecked in your "Local Settings", but still checked in the "Effective Settings", it's coming from a domain policy.
You can use gpresult.exe from the Resource Kit (or from http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/gpresult-o.asp) to find out where it's coming from.
0
 

Author Comment

by:barthalamu
ID: 9774131
oBdA:

Thanks for the help!!  This tool did not actually tell me what I wanted, since it works for the currently logged in user only. (and the user I was looking for was actually deleted, but the security policy was still in place for that user)  It did get me on the right track however.  I had though that I checked if it was coming from the "Domain Controller Security Policy", however I looked in the "Domain Security Policy" instead, where I did not see it of course.  I realized my mistake at that point and was able to fix it.

Thanks to you and juliancrawford for the help!
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In this post we will be converting StringData saved within a text file into a hash table. This can be further used in a PowerShell script for replacing settings that are dynamic in nature from environment to environment.
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question