Solved

Regular users cannot logon locally

Posted on 2010-08-13
6
592 Views
Last Modified: 2013-11-25
Hi,

Something got messed up in my windows 2003 server AD.
The clients that ARE NOT local admins cannot logon locally.

If I go to each clients machine and set the users group to be a member of the administrators group, then it works fine in windows xp forever, but I have a box with windows seven, and that configuration only works for a day. The next day, the users group are no longer members of the administrators group and so the regular users cannot logon to that machine.

I found that in the AD the domain users are not a member of the users group, so I added that configuration and it works until I refresh the GPO, then everything goes back to not working and the domain users are no longer members of the builtin users group.

How can I reset my gpo to the default ? I tried importing a GPO template, but there are so many template files that I dont know which one is the default.
Or is this happening because of something else ?
0
Comment
Question by:tarcis
  • 4
  • 2
6 Comments
 
LVL 16

Assisted Solution

by:cantoris
cantoris earned 500 total points
ID: 33434226
Have you got any GPOs that are setting Restricted Group memberships?
Or have you used the "Deny Logon Locally" setting in a GPO and misconfigured either it or where it is applied?
0
 
LVL 2

Author Comment

by:tarcis
ID: 33434250
I remember trying to mess with that option, but on "Deny logon locally" only "SUPPORT_xxxxxx" is listed.
I dont have any important changes in the GPO, thats why I thought I could reset it to the default values, maybe I messed it up and dont remember.
0
 
LVL 16

Accepted Solution

by:
cantoris earned 500 total points
ID: 33435638
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 2

Author Comment

by:tarcis
ID: 33457171
Sorry it took me a while to respond, I just got back from the weekend and just tryed reseting the gpo to both domain and gc, it seems to have worked since gpupdate /force no longer removes the domain users from the builtin users group.

Not I have to wait for tomorrow to see if all regular users can logon again.

THANK YOU!
0
 
LVL 2

Author Comment

by:tarcis
ID: 33457568
typos:

2nd line: "both domain and DC..."
5th line: "NOW i have to wait..."
0
 
LVL 2

Author Closing Comment

by:tarcis
ID: 33566904
It worked.
The problem indeed was the "domain users" not being a part of the "built-in users" on the AD.
And reseting the GPO did the trick.

Thank you so much.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

In Agile (http://en.wikipedia.org/wiki/Agile_software_development), time and again people ask this question "How would you estimate a release for a product?". When it comes from management they want to know the following: Calculate the man hours wh…
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now