Solved

Unable to Logon Locally using domain Admin account

Posted on 2008-06-17
4
866 Views
Last Modified: 2013-12-05
Hi,
Could someone guide me on this issue. We have a windows 2000 DC and another server running win"K with exchagne server 2K installed on it. When I try to log on to this second server locally using a domain admin account it does not allow me. But when i try to do so using another account which also has domain admin privilliges, it does log me on.
Just wondering what causes this issue?

Please advice.....

Regards,
Naga.
0
Comment
Question by:nvrkakarla
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 8

Assisted Solution

by:Sinder255248
Sinder255248 earned 100 total points
ID: 21801356
It could be that it's your first account is denied access in the RDP protocol, Administrative Tools -->  Terminal services config -->  Right click RDP -->  Properties --> Permissions Tab.

Or it could be in group policy -->  Comp Config --> Windows settings -->  Security --> Local Policies -->  User rights assignments

Check these policies under the above location:

Allow logon locally
Allow logon through terminal services
Deny logon locally
Deny logon through terminal services
0
 

Author Comment

by:nvrkakarla
ID: 21801436
Hi Sinder,
thanks for your reply.
Just like to add to my question that this first account does allow me to logon using remote desktop, but when i use the same to logon locall on the server, it denies me!

pleae advice...

Regards,
Naga.
0
 
LVL 7

Accepted Solution

by:
ms-pro earned 200 total points
ID: 21802303
To permit users to log on locally to a domain controller
1.
 Open Domain Controller Security Policy.
 
2.
 In the console tree, click User Rights Assignment.
 
3.
 In the details pane, double-click Allow log on locally.
 
4.
 If this security setting has not yet been defined, select the Define these policy settings check box, and click Add User or Group.
 
5.
 In Add user or group, specify the user or group who will be granted permission to log on locally, and then click OK twice.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23460418.html
0
 
LVL 31

Assisted Solution

by:Henrik Johansson
Henrik Johansson earned 200 total points
ID: 21808101
As you can log on through RDP to the Exchange server, it's a problem with the right to logon locally on that computer.
The user rights assignment for allow or deny logging on locally has been defined in the local security policy (gpedit.msc) on the Exchange server or in a GPO linked to the OU-structure containing the Exchange server. If listed as deny, it will override the allow permission.
Run rsop.msc to see what policy is defining the user right. Expand Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment
* Allow log on locally
* Deny log on locally
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Static IP Address Assignment 10 77
Exchange Server 2013 Message Tracking log Powershell ? 11 83
Powershell script for inactive computer accounts 3 22
Unable to hit site 2 29
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question