Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Regular users cannot logon locally

Posted on 2010-08-13
6
Medium Priority
?
606 Views
Last Modified: 2013-11-25
Hi,

Something got messed up in my windows 2003 server AD.
The clients that ARE NOT local admins cannot logon locally.

If I go to each clients machine and set the users group to be a member of the administrators group, then it works fine in windows xp forever, but I have a box with windows seven, and that configuration only works for a day. The next day, the users group are no longer members of the administrators group and so the regular users cannot logon to that machine.

I found that in the AD the domain users are not a member of the users group, so I added that configuration and it works until I refresh the GPO, then everything goes back to not working and the domain users are no longer members of the builtin users group.

How can I reset my gpo to the default ? I tried importing a GPO template, but there are so many template files that I dont know which one is the default.
Or is this happening because of something else ?
0
Comment
Question by:tarcis
  • 4
  • 2
6 Comments
 
LVL 16

Assisted Solution

by:cantoris
cantoris earned 2000 total points
ID: 33434226
Have you got any GPOs that are setting Restricted Group memberships?
Or have you used the "Deny Logon Locally" setting in a GPO and misconfigured either it or where it is applied?
0
 
LVL 2

Author Comment

by:tarcis
ID: 33434250
I remember trying to mess with that option, but on "Deny logon locally" only "SUPPORT_xxxxxx" is listed.
I dont have any important changes in the GPO, thats why I thought I could reset it to the default values, maybe I messed it up and dont remember.
0
 
LVL 16

Accepted Solution

by:
cantoris earned 2000 total points
ID: 33435638
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
LVL 2

Author Comment

by:tarcis
ID: 33457171
Sorry it took me a while to respond, I just got back from the weekend and just tryed reseting the gpo to both domain and gc, it seems to have worked since gpupdate /force no longer removes the domain users from the builtin users group.

Not I have to wait for tomorrow to see if all regular users can logon again.

THANK YOU!
0
 
LVL 2

Author Comment

by:tarcis
ID: 33457568
typos:

2nd line: "both domain and DC..."
5th line: "NOW i have to wait..."
0
 
LVL 2

Author Closing Comment

by:tarcis
ID: 33566904
It worked.
The problem indeed was the "domain users" not being a part of the "built-in users" on the AD.
And reseting the GPO did the trick.

Thank you so much.
0

Featured Post

Restore individual SQL databases with ease

Veeam Explorer for Microsoft SQL Server delivers an easy-to-use, wizard-driven interface for restoring your databases from a backup. No expert SQL background required. Web interface provides a complete view of all available SQL databases to simplify the recovery of lost database

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Successful collaboration among team members is essential for the growth of your business. When employees work together on projects, share ideas and communicate effectively they get better results.
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Introduction to Processes
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

576 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question