Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

group policy - cannot change deny logon on locally list

Posted on 2006-12-01
5
Medium Priority
?
1,789 Views
Last Modified: 2011-10-03
Hello,

I have a situation where a user is on the list to deny local logon and I want to remove him from this list. But when I go into the Deny log on locally settings the Add and Remove buttons are grayed out. Is there a reason why these buttons would be grayed out?

We use two Windows Server 2003 domain controllers with exchange server 2003, both are being used as a global catalogue.

Please help!

Thank you in advance,
Willi
0
Comment
Question by:daywilli
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 18055608
Where are you trying to change the settings - locally on the workstation, or at the domain level?  If locally at the workstation, are you logging on with a user ID that has administrative rights to the workstation?  If so, and it's still greyed out, then there must be some other group policy at a higher level (i.e., OU or domain) that is overriding the local setting.

Hope this helps!
0
 

Author Comment

by:daywilli
ID: 18056130

Thank you for your quick response.

Being logged in as a user with administrative privileges I would RUN gpedit.msc and try to change the deny access settings. The buttons are still grayed out so maybe a better question would be if I am opening the gpeditor at the domain level and if not how is that done?

BTW, what are the differences between opening the group policy editor at a domain level and local level being on the domain controller?

Thanks
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 18056224
The Local Security Policy management console that you open from the Administrative Tools menu on a workstation or member server, or that runs on a workstation when you run gpedit.msc, applies only to that computer.  It is overridden by any settings in the Domain Security Policy.  You can only open the Domain Security Policy console from a domain controller or other computer running the domain admin tools.  This Domain Security policy is domain-wide and any settings here will override settings in the Local Security Policy. It also has settings that are not available from the local security policy. Items that are greyed out in the local policy usually indicate that there is a setting at the domain level that's overriding it.  

Hope this helps!
0
 

Author Comment

by:daywilli
ID: 18068567
Hypercat,

I got ya. By opening gpedit through a tool such as AD users and computers and then opening the properties from the DC container I have access to change this list.

Issue solved. Thank you!
0
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 500 total points
ID: 18069159
Great! Glad I could help.

Deb
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question