Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Changed security policy for local and domain log on rights but still not working

Posted on 2008-10-16
2
Medium Priority
?
162 Views
Last Modified: 2013-12-04
I am running Server 2003 on 2 machines.  Both are DC's I have given an OU rights to log on locally as well as through terminal services in both the domain security policy and the domain security policy. Still only my admins can log in. The problem is only on the newer DC and not the original. Also, if i try to DCPromo and demote the newer server i get authentication errors even when using the admins account.

Thanks for your help.
0
Comment
Question by:MarcRajs
1 Comment
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 22738833

The security policy applied to Domain Controllers comes from the Default Domain Controllers Policy, not the Default Domain Policy.

The difference is extremely important. The Default Domain Controllers Policy contains a large number of settings for the DCs that define access to pretty much everything they do. This is part of the reason why it is important that DCs remain in the Domain Controllers OU.

Chris
0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question