Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Only Domain Admins can logon to domain computers interactively....help!

Posted on 2004-04-08
12
Medium Priority
?
731 Views
Last Modified: 2013-12-04
I have read every topic there is about this.  I understand completely Windows security and how the Group Policy works.  I just can't seem to make domain users about to interactively logon to domain computers.  Actually, up until yesterday it was not a problem.  We have a problem with the server (Windows Server 2003 Enterprise Edition) and had to repair from the source disc.  After that I can't get domain users logged in unless I also make them members of the Domain Admins group on the server.  I have verify that there are no "Deny local logins" and that it has not persisted to the domain computers.  They SHOULD be able to log in...but can't.  I am so frustrated.  What can I do???
0
Comment
Question by:kjboughton
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 3
12 Comments
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 10789215
Have you also checked the "Log on Locally"'s as well as the Deny's?

Also as a test try rejoining one of the computers to the domain and then try logging in again.
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10789861
Anything in the domain controllers eventlog about it?

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 

Author Comment

by:kjboughton
ID: 10790787
Actually, just noticed that there is an event log entry stating that gpt.ini is missing for the expected location.  Next entry (also an error entry) states that group policy is being aborted.....how do I get this file back?  I don't mind having rebuild the entire group policy...I just need to get the network back to normal.
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 10791132
What are the actual event IDs themselves?
0
 

Author Comment

by:kjboughton
ID: 10795319
Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1058
Date:            04/09/04
Time:            2:38:23 AM
User:            NT AUTHORITY\SYSTEM
Computer:      SERVER
Description:
Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=bainet,DC=local. The file must be present at the location <\\bainet.local\sysvol\bainet.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1030
Date:            04/09/04
Time:            2:38:23 AM
User:            NT AUTHORITY\SYSTEM
Computer:      SERVER
Description:
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
 

Author Comment

by:kjboughton
ID: 10795434
Still no help.  For some reason they have to be members of the Administrator group to logon interactively....
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10800500
What's in the eventlog of your domain controller (bainet.local) at

Date:          04/09/04
Time:          2:38:23 AM
0
 
LVL 12

Accepted Solution

by:
trywaredk earned 1000 total points
ID: 10800502
Maybe try to remove the computer from your domain (into workgroup), and the back again into the domain !
0
 

Author Comment

by:kjboughton
ID: 10802297
I don't know why...sounds like an MS bug...but this worked!  THANKS!
0
 

Author Comment

by:kjboughton
ID: 10802305
Also, I had to log on to the system as the local administrator and delete all cached roaming profiles before I could re-establish the correct roaming profile.  Once all of this was done everyone was once again allowed to log on to the system interactively.
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10805396
:o) Glad I could help you - thank you for the points
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question