Solved

Only Domain Admins can logon to domain computers interactively....help!

Posted on 2004-04-08
12
716 Views
Last Modified: 2013-12-04
I have read every topic there is about this.  I understand completely Windows security and how the Group Policy works.  I just can't seem to make domain users about to interactively logon to domain computers.  Actually, up until yesterday it was not a problem.  We have a problem with the server (Windows Server 2003 Enterprise Edition) and had to repair from the source disc.  After that I can't get domain users logged in unless I also make them members of the Domain Admins group on the server.  I have verify that there are no "Deny local logins" and that it has not persisted to the domain computers.  They SHOULD be able to log in...but can't.  I am so frustrated.  What can I do???
0
Comment
Question by:kjboughton
  • 5
  • 4
  • 3
12 Comments
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 10789215
Have you also checked the "Log on Locally"'s as well as the Deny's?

Also as a test try rejoining one of the computers to the domain and then try logging in again.
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10789861
Anything in the domain controllers eventlog about it?

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 

Author Comment

by:kjboughton
ID: 10790787
Actually, just noticed that there is an event log entry stating that gpt.ini is missing for the expected location.  Next entry (also an error entry) states that group policy is being aborted.....how do I get this file back?  I don't mind having rebuild the entire group policy...I just need to get the network back to normal.
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 10791132
What are the actual event IDs themselves?
0
 

Author Comment

by:kjboughton
ID: 10795319
Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1058
Date:            04/09/04
Time:            2:38:23 AM
User:            NT AUTHORITY\SYSTEM
Computer:      SERVER
Description:
Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=bainet,DC=local. The file must be present at the location <\\bainet.local\sysvol\bainet.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1030
Date:            04/09/04
Time:            2:38:23 AM
User:            NT AUTHORITY\SYSTEM
Computer:      SERVER
Description:
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 10795328
0
 

Author Comment

by:kjboughton
ID: 10795434
Still no help.  For some reason they have to be members of the Administrator group to logon interactively....
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10800500
What's in the eventlog of your domain controller (bainet.local) at

Date:          04/09/04
Time:          2:38:23 AM
0
 
LVL 12

Accepted Solution

by:
trywaredk earned 250 total points
ID: 10800502
Maybe try to remove the computer from your domain (into workgroup), and the back again into the domain !
0
 

Author Comment

by:kjboughton
ID: 10802297
I don't know why...sounds like an MS bug...but this worked!  THANKS!
0
 

Author Comment

by:kjboughton
ID: 10802305
Also, I had to log on to the system as the local administrator and delete all cached roaming profiles before I could re-establish the correct roaming profile.  Once all of this was done everyone was once again allowed to log on to the system interactively.
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10805396
:o) Glad I could help you - thank you for the points
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

805 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question