Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Regular users cannot logon locally

Posted on 2010-08-13
6
Medium Priority
?
604 Views
Last Modified: 2013-11-25
Hi,

Something got messed up in my windows 2003 server AD.
The clients that ARE NOT local admins cannot logon locally.

If I go to each clients machine and set the users group to be a member of the administrators group, then it works fine in windows xp forever, but I have a box with windows seven, and that configuration only works for a day. The next day, the users group are no longer members of the administrators group and so the regular users cannot logon to that machine.

I found that in the AD the domain users are not a member of the users group, so I added that configuration and it works until I refresh the GPO, then everything goes back to not working and the domain users are no longer members of the builtin users group.

How can I reset my gpo to the default ? I tried importing a GPO template, but there are so many template files that I dont know which one is the default.
Or is this happening because of something else ?
0
Comment
Question by:tarcis
  • 4
  • 2
6 Comments
 
LVL 16

Assisted Solution

by:cantoris
cantoris earned 2000 total points
ID: 33434226
Have you got any GPOs that are setting Restricted Group memberships?
Or have you used the "Deny Logon Locally" setting in a GPO and misconfigured either it or where it is applied?
0
 
LVL 2

Author Comment

by:tarcis
ID: 33434250
I remember trying to mess with that option, but on "Deny logon locally" only "SUPPORT_xxxxxx" is listed.
I dont have any important changes in the GPO, thats why I thought I could reset it to the default values, maybe I messed it up and dont remember.
0
 
LVL 16

Accepted Solution

by:
cantoris earned 2000 total points
ID: 33435638
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
LVL 2

Author Comment

by:tarcis
ID: 33457171
Sorry it took me a while to respond, I just got back from the weekend and just tryed reseting the gpo to both domain and gc, it seems to have worked since gpupdate /force no longer removes the domain users from the builtin users group.

Not I have to wait for tomorrow to see if all regular users can logon again.

THANK YOU!
0
 
LVL 2

Author Comment

by:tarcis
ID: 33457568
typos:

2nd line: "both domain and DC..."
5th line: "NOW i have to wait..."
0
 
LVL 2

Author Closing Comment

by:tarcis
ID: 33566904
It worked.
The problem indeed was the "domain users" not being a part of the "built-in users" on the AD.
And reseting the GPO did the trick.

Thank you so much.
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Successful collaboration among team members is essential for the growth of your business. When employees work together on projects, share ideas and communicate effectively they get better results.
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question