?
Solved

Only Domain Admins can logon to domain computers interactively....help!

Posted on 2004-04-08
12
Medium Priority
?
727 Views
Last Modified: 2013-12-04
I have read every topic there is about this.  I understand completely Windows security and how the Group Policy works.  I just can't seem to make domain users about to interactively logon to domain computers.  Actually, up until yesterday it was not a problem.  We have a problem with the server (Windows Server 2003 Enterprise Edition) and had to repair from the source disc.  After that I can't get domain users logged in unless I also make them members of the Domain Admins group on the server.  I have verify that there are no "Deny local logins" and that it has not persisted to the domain computers.  They SHOULD be able to log in...but can't.  I am so frustrated.  What can I do???
0
Comment
Question by:kjboughton
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 3
12 Comments
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 10789215
Have you also checked the "Log on Locally"'s as well as the Deny's?

Also as a test try rejoining one of the computers to the domain and then try logging in again.
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10789861
Anything in the domain controllers eventlog about it?

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 

Author Comment

by:kjboughton
ID: 10790787
Actually, just noticed that there is an event log entry stating that gpt.ini is missing for the expected location.  Next entry (also an error entry) states that group policy is being aborted.....how do I get this file back?  I don't mind having rebuild the entire group policy...I just need to get the network back to normal.
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 10791132
What are the actual event IDs themselves?
0
 

Author Comment

by:kjboughton
ID: 10795319
Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1058
Date:            04/09/04
Time:            2:38:23 AM
User:            NT AUTHORITY\SYSTEM
Computer:      SERVER
Description:
Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=bainet,DC=local. The file must be present at the location <\\bainet.local\sysvol\bainet.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1030
Date:            04/09/04
Time:            2:38:23 AM
User:            NT AUTHORITY\SYSTEM
Computer:      SERVER
Description:
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
 

Author Comment

by:kjboughton
ID: 10795434
Still no help.  For some reason they have to be members of the Administrator group to logon interactively....
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10800500
What's in the eventlog of your domain controller (bainet.local) at

Date:          04/09/04
Time:          2:38:23 AM
0
 
LVL 12

Accepted Solution

by:
trywaredk earned 1000 total points
ID: 10800502
Maybe try to remove the computer from your domain (into workgroup), and the back again into the domain !
0
 

Author Comment

by:kjboughton
ID: 10802297
I don't know why...sounds like an MS bug...but this worked!  THANKS!
0
 

Author Comment

by:kjboughton
ID: 10802305
Also, I had to log on to the system as the local administrator and delete all cached roaming profiles before I could re-establish the correct roaming profile.  Once all of this was done everyone was once again allowed to log on to the system interactively.
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10805396
:o) Glad I could help you - thank you for the points
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question