Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Changed security policy for local and domain log on rights but still not working

Posted on 2008-10-16
2
Medium Priority
?
161 Views
Last Modified: 2013-12-04
I am running Server 2003 on 2 machines.  Both are DC's I have given an OU rights to log on locally as well as through terminal services in both the domain security policy and the domain security policy. Still only my admins can log in. The problem is only on the newer DC and not the original. Also, if i try to DCPromo and demote the newer server i get authentication errors even when using the admins account.

Thanks for your help.
0
Comment
Question by:MarcRajs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 22738833

The security policy applied to Domain Controllers comes from the Default Domain Controllers Policy, not the Default Domain Policy.

The difference is extremely important. The Default Domain Controllers Policy contains a large number of settings for the DCs that define access to pretty much everything they do. This is part of the reason why it is important that DCs remain in the Domain Controllers OU.

Chris
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question