Solved

Regular users cannot logon locally

Posted on 2010-08-13
6
600 Views
Last Modified: 2013-11-25
Hi,

Something got messed up in my windows 2003 server AD.
The clients that ARE NOT local admins cannot logon locally.

If I go to each clients machine and set the users group to be a member of the administrators group, then it works fine in windows xp forever, but I have a box with windows seven, and that configuration only works for a day. The next day, the users group are no longer members of the administrators group and so the regular users cannot logon to that machine.

I found that in the AD the domain users are not a member of the users group, so I added that configuration and it works until I refresh the GPO, then everything goes back to not working and the domain users are no longer members of the builtin users group.

How can I reset my gpo to the default ? I tried importing a GPO template, but there are so many template files that I dont know which one is the default.
Or is this happening because of something else ?
0
Comment
Question by:tarcis
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 16

Assisted Solution

by:cantoris
cantoris earned 500 total points
ID: 33434226
Have you got any GPOs that are setting Restricted Group memberships?
Or have you used the "Deny Logon Locally" setting in a GPO and misconfigured either it or where it is applied?
0
 
LVL 2

Author Comment

by:tarcis
ID: 33434250
I remember trying to mess with that option, but on "Deny logon locally" only "SUPPORT_xxxxxx" is listed.
I dont have any important changes in the GPO, thats why I thought I could reset it to the default values, maybe I messed it up and dont remember.
0
 
LVL 16

Accepted Solution

by:
cantoris earned 500 total points
ID: 33435638
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 2

Author Comment

by:tarcis
ID: 33457171
Sorry it took me a while to respond, I just got back from the weekend and just tryed reseting the gpo to both domain and gc, it seems to have worked since gpupdate /force no longer removes the domain users from the builtin users group.

Not I have to wait for tomorrow to see if all regular users can logon again.

THANK YOU!
0
 
LVL 2

Author Comment

by:tarcis
ID: 33457568
typos:

2nd line: "both domain and DC..."
5th line: "NOW i have to wait..."
0
 
LVL 2

Author Closing Comment

by:tarcis
ID: 33566904
It worked.
The problem indeed was the "domain users" not being a part of the "built-in users" on the AD.
And reseting the GPO did the trick.

Thank you so much.
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question