Can't log on localy to my own server - GPO Issue.

I am running a SBS 2003 server with all of the service packs installed (SP1 for Server 2003, Exchange SP1, SBS2003 SP1, etc). Everything was running fine until 2 days ago, when I went to log onto the server. Using the Admin credentials I got this at the log on:

"Local Policy of this system does not permit you to log on interactively."

This is the result attempting to use any user account, even those that are part of the Admin group (or any group for that matter).

This is the only server in the domain, so it is the stand-alone DC. Nothing was added or installed with the exception of a Microsoft Update pack that the Office Manager clicked "install" on when she was changing out the backup-tapes. The server has been re-booted 3 times since the updates/problems arose (after various attempts at a solution).

I can use Remote Desktop from inside the LAN to log onto the server using any Admin account. I also VPN in form home and have no issue logging onto the server from there. This problem only affects the local logon - IT STOPS IT.

GPO's are configured as follows:

DEFAULT DOMAIN SECURITY POLICY - User Rights Assignment:
Allow Log on Locally - Not Defined
Deny Log on Locally - Not Defined

Security Options - Interactive Logon None of 10 are Defined (All "Not Defined")

DOMAIN SECURITY POLICY -
Allow Log on Locally - Not defined
Deny Log on Locally - Not Defined

Security Options - Interactive Logon None of 10 are Defined (All "Not Defined")

I had previously installed the Microsoft Windows 2003 Resource Kit so I have RUN:
ntrights -m \\computer -u user to remove -r SeDenyInteractiveLogonRight

This was to remove any local logon restrictions from the Admin account. The prompt was "success" when it finished but I still cannot log on to the server locally.

As you can imagine, being locked out of my own server is not only a problem... it is making me look like an idiot to the guys who cut my checks. Switching backup tapes will be an issue by the weekend.

Anyone got a line on this?

Again, this is a single server domain. It has 15 clients on the LAN, 5 of which are MAC-OX machines running MS Office for MAC (Entourage to connect to Exchange). I have an additional 15 users in AD who are over-seas and use the Exchange and its OWA only. I am pushing it with user account licenses for SBS2003 I think (Each local user has at least one alias account that is used to POP mail out of for a 2nd/3rd hosted domain) but that should not effect the Server local log-on.

Like I said, "Anyone... Anyone..."

Thanks,
-MP
LVL 3
mojopojoAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

mojopojoAuthor Commented:
Oh yea:

I have also tried defining the "Allow Log on Locally" policy in both interfaces with permissions for the Administrator, Administrators (Group), Domain Admins... and as a last ditch effort "Domain Users".

Still no deal.

0
TheCleanerCommented:
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mojopojoAuthor Commented:
You could not better describe my problem if you were to have written that KB article yourself AFTER I posted the question. I drudged through the MS KB for the last 48 hours and somehow did not hit on this.

Thanks for the quick gun on this.

Unfortunately by the time I got here I was locked out of the office. I made the user/group membership changes via desktop-remote/VPM. I'll know in the morning and post the results. But I will sleep better tonight believing that this is the fix.

I'll post when I know.

Thanks.
0
mojopojoAuthor Commented:
Spot right on.

Thanks to TheCleaner.

0
TheCleanerCommented:
Very welcome....thanks for the points.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.