Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

group policy - cannot change deny logon on locally list

Posted on 2006-12-01
5
Medium Priority
?
1,854 Views
Last Modified: 2011-10-03
Hello,

I have a situation where a user is on the list to deny local logon and I want to remove him from this list. But when I go into the Deny log on locally settings the Add and Remove buttons are grayed out. Is there a reason why these buttons would be grayed out?

We use two Windows Server 2003 domain controllers with exchange server 2003, both are being used as a global catalogue.

Please help!

Thank you in advance,
Willi
0
Comment
Question by:daywilli
  • 3
  • 2
5 Comments
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 18055608
Where are you trying to change the settings - locally on the workstation, or at the domain level?  If locally at the workstation, are you logging on with a user ID that has administrative rights to the workstation?  If so, and it's still greyed out, then there must be some other group policy at a higher level (i.e., OU or domain) that is overriding the local setting.

Hope this helps!
0
 

Author Comment

by:daywilli
ID: 18056130

Thank you for your quick response.

Being logged in as a user with administrative privileges I would RUN gpedit.msc and try to change the deny access settings. The buttons are still grayed out so maybe a better question would be if I am opening the gpeditor at the domain level and if not how is that done?

BTW, what are the differences between opening the group policy editor at a domain level and local level being on the domain controller?

Thanks
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 18056224
The Local Security Policy management console that you open from the Administrative Tools menu on a workstation or member server, or that runs on a workstation when you run gpedit.msc, applies only to that computer.  It is overridden by any settings in the Domain Security Policy.  You can only open the Domain Security Policy console from a domain controller or other computer running the domain admin tools.  This Domain Security policy is domain-wide and any settings here will override settings in the Local Security Policy. It also has settings that are not available from the local security policy. Items that are greyed out in the local policy usually indicate that there is a setting at the domain level that's overriding it.  

Hope this helps!
0
 

Author Comment

by:daywilli
ID: 18068567
Hypercat,

I got ya. By opening gpedit through a tool such as AD users and computers and then opening the properties from the DC container I have access to change this list.

Issue solved. Thank you!
0
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 500 total points
ID: 18069159
Great! Glad I could help.

Deb
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

876 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question