Solved

Changed security policy for local and domain log on rights but still not working

Posted on 2008-10-16
2
157 Views
Last Modified: 2013-12-04
I am running Server 2003 on 2 machines.  Both are DC's I have given an OU rights to log on locally as well as through terminal services in both the domain security policy and the domain security policy. Still only my admins can log in. The problem is only on the newer DC and not the original. Also, if i try to DCPromo and demote the newer server i get authentication errors even when using the admins account.

Thanks for your help.
0
Comment
Question by:MarcRajs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 22738833

The security policy applied to Domain Controllers comes from the Default Domain Controllers Policy, not the Default Domain Policy.

The difference is extremely important. The Default Domain Controllers Policy contains a large number of settings for the DCs that define access to pretty much everything they do. This is part of the reason why it is important that DCs remain in the Domain Controllers OU.

Chris
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article runs through the process of deploying a single EXE application selectively to a group of user.
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question