Solved

group policy - cannot change deny logon on locally list

Posted on 2006-12-01
5
1,496 Views
Last Modified: 2011-10-03
Hello,

I have a situation where a user is on the list to deny local logon and I want to remove him from this list. But when I go into the Deny log on locally settings the Add and Remove buttons are grayed out. Is there a reason why these buttons would be grayed out?

We use two Windows Server 2003 domain controllers with exchange server 2003, both are being used as a global catalogue.

Please help!

Thank you in advance,
Willi
0
Comment
Question by:daywilli
  • 3
  • 2
5 Comments
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 18055608
Where are you trying to change the settings - locally on the workstation, or at the domain level?  If locally at the workstation, are you logging on with a user ID that has administrative rights to the workstation?  If so, and it's still greyed out, then there must be some other group policy at a higher level (i.e., OU or domain) that is overriding the local setting.

Hope this helps!
0
 

Author Comment

by:daywilli
ID: 18056130

Thank you for your quick response.

Being logged in as a user with administrative privileges I would RUN gpedit.msc and try to change the deny access settings. The buttons are still grayed out so maybe a better question would be if I am opening the gpeditor at the domain level and if not how is that done?

BTW, what are the differences between opening the group policy editor at a domain level and local level being on the domain controller?

Thanks
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 18056224
The Local Security Policy management console that you open from the Administrative Tools menu on a workstation or member server, or that runs on a workstation when you run gpedit.msc, applies only to that computer.  It is overridden by any settings in the Domain Security Policy.  You can only open the Domain Security Policy console from a domain controller or other computer running the domain admin tools.  This Domain Security policy is domain-wide and any settings here will override settings in the Local Security Policy. It also has settings that are not available from the local security policy. Items that are greyed out in the local policy usually indicate that there is a setting at the domain level that's overriding it.  

Hope this helps!
0
 

Author Comment

by:daywilli
ID: 18068567
Hypercat,

I got ya. By opening gpedit through a tool such as AD users and computers and then opening the properties from the DC container I have access to change this list.

Issue solved. Thank you!
0
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 125 total points
ID: 18069159
Great! Glad I could help.

Deb
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Join & Write a Comment

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now