Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

group policy - cannot change deny logon on locally list

Posted on 2006-12-01
5
1,590 Views
Last Modified: 2011-10-03
Hello,

I have a situation where a user is on the list to deny local logon and I want to remove him from this list. But when I go into the Deny log on locally settings the Add and Remove buttons are grayed out. Is there a reason why these buttons would be grayed out?

We use two Windows Server 2003 domain controllers with exchange server 2003, both are being used as a global catalogue.

Please help!

Thank you in advance,
Willi
0
Comment
Question by:daywilli
  • 3
  • 2
5 Comments
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 18055608
Where are you trying to change the settings - locally on the workstation, or at the domain level?  If locally at the workstation, are you logging on with a user ID that has administrative rights to the workstation?  If so, and it's still greyed out, then there must be some other group policy at a higher level (i.e., OU or domain) that is overriding the local setting.

Hope this helps!
0
 

Author Comment

by:daywilli
ID: 18056130

Thank you for your quick response.

Being logged in as a user with administrative privileges I would RUN gpedit.msc and try to change the deny access settings. The buttons are still grayed out so maybe a better question would be if I am opening the gpeditor at the domain level and if not how is that done?

BTW, what are the differences between opening the group policy editor at a domain level and local level being on the domain controller?

Thanks
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 18056224
The Local Security Policy management console that you open from the Administrative Tools menu on a workstation or member server, or that runs on a workstation when you run gpedit.msc, applies only to that computer.  It is overridden by any settings in the Domain Security Policy.  You can only open the Domain Security Policy console from a domain controller or other computer running the domain admin tools.  This Domain Security policy is domain-wide and any settings here will override settings in the Local Security Policy. It also has settings that are not available from the local security policy. Items that are greyed out in the local policy usually indicate that there is a setting at the domain level that's overriding it.  

Hope this helps!
0
 

Author Comment

by:daywilli
ID: 18068567
Hypercat,

I got ya. By opening gpedit through a tool such as AD users and computers and then opening the properties from the DC container I have access to change this list.

Issue solved. Thank you!
0
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 125 total points
ID: 18069159
Great! Glad I could help.

Deb
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question