Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 164
  • Last Modified:

Changed security policy for local and domain log on rights but still not working

I am running Server 2003 on 2 machines.  Both are DC's I have given an OU rights to log on locally as well as through terminal services in both the domain security policy and the domain security policy. Still only my admins can log in. The problem is only on the newer DC and not the original. Also, if i try to DCPromo and demote the newer server i get authentication errors even when using the admins account.

Thanks for your help.
0
MarcRajs
Asked:
MarcRajs
1 Solution
 
Chris DentPowerShell DeveloperCommented:

The security policy applied to Domain Controllers comes from the Default Domain Controllers Policy, not the Default Domain Policy.

The difference is extremely important. The Default Domain Controllers Policy contains a large number of settings for the DCs that define access to pretty much everything they do. This is part of the reason why it is important that DCs remain in the Domain Controllers OU.

Chris
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now