?
Solved

Why can only administrators login interactively into one of my computers with Windows XP?

Posted on 2011-03-25
12
Medium Priority
?
516 Views
Last Modified: 2012-05-11
When I try to login any user that is not an admin I get the attached error message. I then went to local policy to add users that can login locally
(see attached) and can not modify settings as they are greyed out. In addition, a couple of users that are defined by a long string of characters starting
with *S-1-5... are included as having permission. Who are these users and why can I not modify these settings as an admin? Thanks
localpolicyerror.png
loczal-login-issueEE.png
0
Comment
Question by:PDSWSS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
  • +2
12 Comments
 
LVL 3

Expert Comment

by:residents
ID: 35218005
You need to allow the specific user remote access to the computer. Login as administrator then go to Start, Right click my computer, properties, in the remote tab make sure remote desktop is turned on and choose "Select remote users" and add them there.
0
 
LVL 12

Assisted Solution

by:nsx106052
nsx106052 earned 400 total points
ID: 35218024
Users that start out with *S-1-5. are old users accounts that have been deleted.  These users should be removed.  

If the local security policy is grayed out you will need to find out what group policy object is pushing down these settings so they can be changed.  
0
 

Author Comment

by:PDSWSS
ID: 35219159
residents: This post is probably not clear enough. These messages are from a local not remote login. Thanks
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
LVL 4

Expert Comment

by:bhartwell
ID: 35219554
If you find that there is no Group Policy pushing down these changes you can try doing these steps if you feel comfortable enough doing it.

1. Open the %Systemroot%\Security\Database folder.
2. Rename the Secedit.sdb file.
3. Copy a good copy from another good XP workstation.
4. Restart the computer.

or do this if you think the policy got corrupted somehow:

1. Rename it to "secedit.old" instead of "secedit.sdb"
2. Start - Run - CMD
3. At the command prompt type "secedit /refreshpolicy machine_policy
/enforce" (without the quotes of course) this should recreate the secedit.sdb file.
0
 

Author Comment

by:PDSWSS
ID: 35219697
How do I get to group policy for the local computer. The group policy I am familiar with is part of active directory. Thanks,
0
 
LVL 4

Accepted Solution

by:
bhartwell earned 1600 total points
ID: 35219763
When i mentioned Group Policy i was referring to your active directory server. Go to a run prompt and type in "rsop.msc" then expand "Windows Settings"--> Security Settings--> "Local Policies" -->"User rights assignment". then find the "log on locally" policy and see if it is defined, if it is then you have proven that a Group Policy is being applied to it from the domain level. In which case you will need to find that Specific GPO and modify accordingly. Hope that helps.
0
 
LVL 4

Expert Comment

by:bhartwell
ID: 35219771
Sorry, i meant to add that the RSOP steps i mentioned above should be applied to the local computer having the issues.
0
 

Author Comment

by:PDSWSS
ID: 35219819
Thanks. I am not a domain admin so I would not have access to the AD group policy. I don't see how the AD group policy would be blocking local logins on my computer since local user accounts can log into other PCs in this domain.  However, I will look into this possibility.
Any other ideas?
0
 
LVL 4

Expert Comment

by:bhartwell
ID: 35219848
The only thing i would try doing is what i mentioned above, if you're in a workgroup environment then do the first method i suggested above, if you're in a domain environment try the second method. Alternatively you may be able to do an XP system restore back to a time when you knew this system was functioning normally.
0
 

Author Comment

by:PDSWSS
ID: 35245212
Still working on this. Need an AD admin to let me know the relevant group policy. Thanks
0
 
LVL 56

Expert Comment

by:McKnife
ID: 35245245
Start rsop.msc to see what policy is responsible for that setting and change it. This computer is a domain member, I suppose? Then it will be a domain GPO.
0
 
LVL 56

Expert Comment

by:McKnife
ID: 35245253
Note: rsop.msc cannot be used to change policies, you will have to do it at the domain controller's gpmc.
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compli…
The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard your…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses
Course of the Month13 days, 16 hours left to enroll

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question