Something got messed up in my windows 2003 server AD.
The clients that ARE NOT local admins cannot logon locally.
If I go to each clients machine and set the users group to be a member of the administrators group, then it works fine in windows xp forever, but I have a box with windows seven, and that configuration only works for a day. The next day, the users group are no longer members of the administrators group and so the regular users cannot logon to that machine.
I found that in the AD the domain users are not a member of the users group, so I added that configuration and it works until I refresh the GPO, then everything goes back to not working and the domain users are no longer members of the builtin users group.
How can I reset my gpo to the default ? I tried importing a GPO template, but there are so many template files that I dont know which one is the default.
Or is this happening because of something else ?