• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 733
  • Last Modified:

Only Domain Admins can logon to domain computers interactively....help!

I have read every topic there is about this.  I understand completely Windows security and how the Group Policy works.  I just can't seem to make domain users about to interactively logon to domain computers.  Actually, up until yesterday it was not a problem.  We have a problem with the server (Windows Server 2003 Enterprise Edition) and had to repair from the source disc.  After that I can't get domain users logged in unless I also make them members of the Domain Admins group on the server.  I have verify that there are no "Deny local logins" and that it has not persisted to the domain computers.  They SHOULD be able to log in...but can't.  I am so frustrated.  What can I do???
0
kjboughton
Asked:
kjboughton
  • 5
  • 4
  • 3
1 Solution
 
Gareth GudgerCommented:
Have you also checked the "Log on Locally"'s as well as the Deny's?

Also as a test try rejoining one of the computers to the domain and then try logging in again.
0
 
trywaredkCommented:
Anything in the domain controllers eventlog about it?

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 
kjboughtonAuthor Commented:
Actually, just noticed that there is an event log entry stating that gpt.ini is missing for the expected location.  Next entry (also an error entry) states that group policy is being aborted.....how do I get this file back?  I don't mind having rebuild the entire group policy...I just need to get the network back to normal.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Gareth GudgerCommented:
What are the actual event IDs themselves?
0
 
kjboughtonAuthor Commented:
Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1058
Date:            04/09/04
Time:            2:38:23 AM
User:            NT AUTHORITY\SYSTEM
Computer:      SERVER
Description:
Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=bainet,DC=local. The file must be present at the location <\\bainet.local\sysvol\bainet.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1030
Date:            04/09/04
Time:            2:38:23 AM
User:            NT AUTHORITY\SYSTEM
Computer:      SERVER
Description:
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
 
kjboughtonAuthor Commented:
Still no help.  For some reason they have to be members of the Administrator group to logon interactively....
0
 
trywaredkCommented:
What's in the eventlog of your domain controller (bainet.local) at

Date:          04/09/04
Time:          2:38:23 AM
0
 
trywaredkCommented:
Maybe try to remove the computer from your domain (into workgroup), and the back again into the domain !
0
 
kjboughtonAuthor Commented:
I don't know why...sounds like an MS bug...but this worked!  THANKS!
0
 
kjboughtonAuthor Commented:
Also, I had to log on to the system as the local administrator and delete all cached roaming profiles before I could re-establish the correct roaming profile.  Once all of this was done everyone was once again allowed to log on to the system interactively.
0
 
trywaredkCommented:
:o) Glad I could help you - thank you for the points
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 5
  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now