Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 519
  • Last Modified:

Why can only administrators login interactively into one of my computers with Windows XP?

When I try to login any user that is not an admin I get the attached error message. I then went to local policy to add users that can login locally
(see attached) and can not modify settings as they are greyed out. In addition, a couple of users that are defined by a long string of characters starting
with *S-1-5... are included as having permission. Who are these users and why can I not modify these settings as an admin? Thanks
localpolicyerror.png
loczal-login-issueEE.png
0
PDSWSS
Asked:
PDSWSS
  • 4
  • 4
  • 2
  • +2
2 Solutions
 
residentsCommented:
You need to allow the specific user remote access to the computer. Login as administrator then go to Start, Right click my computer, properties, in the remote tab make sure remote desktop is turned on and choose "Select remote users" and add them there.
0
 
nsx106052Commented:
Users that start out with *S-1-5. are old users accounts that have been deleted.  These users should be removed.  

If the local security policy is grayed out you will need to find out what group policy object is pushing down these settings so they can be changed.  
0
 
PDSWSSAuthor Commented:
residents: This post is probably not clear enough. These messages are from a local not remote login. Thanks
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
bhartwellCommented:
If you find that there is no Group Policy pushing down these changes you can try doing these steps if you feel comfortable enough doing it.

1. Open the %Systemroot%\Security\Database folder.
2. Rename the Secedit.sdb file.
3. Copy a good copy from another good XP workstation.
4. Restart the computer.

or do this if you think the policy got corrupted somehow:

1. Rename it to "secedit.old" instead of "secedit.sdb"
2. Start - Run - CMD
3. At the command prompt type "secedit /refreshpolicy machine_policy
/enforce" (without the quotes of course) this should recreate the secedit.sdb file.
0
 
PDSWSSAuthor Commented:
How do I get to group policy for the local computer. The group policy I am familiar with is part of active directory. Thanks,
0
 
bhartwellCommented:
When i mentioned Group Policy i was referring to your active directory server. Go to a run prompt and type in "rsop.msc" then expand "Windows Settings"--> Security Settings--> "Local Policies" -->"User rights assignment". then find the "log on locally" policy and see if it is defined, if it is then you have proven that a Group Policy is being applied to it from the domain level. In which case you will need to find that Specific GPO and modify accordingly. Hope that helps.
0
 
bhartwellCommented:
Sorry, i meant to add that the RSOP steps i mentioned above should be applied to the local computer having the issues.
0
 
PDSWSSAuthor Commented:
Thanks. I am not a domain admin so I would not have access to the AD group policy. I don't see how the AD group policy would be blocking local logins on my computer since local user accounts can log into other PCs in this domain.  However, I will look into this possibility.
Any other ideas?
0
 
bhartwellCommented:
The only thing i would try doing is what i mentioned above, if you're in a workgroup environment then do the first method i suggested above, if you're in a domain environment try the second method. Alternatively you may be able to do an XP system restore back to a time when you knew this system was functioning normally.
0
 
PDSWSSAuthor Commented:
Still working on this. Need an AD admin to let me know the relevant group policy. Thanks
0
 
McKnifeCommented:
Start rsop.msc to see what policy is responsible for that setting and change it. This computer is a domain member, I suppose? Then it will be a domain GPO.
0
 
McKnifeCommented:
Note: rsop.msc cannot be used to change policies, you will have to do it at the domain controller's gpmc.
0

Featured Post

[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

  • 4
  • 4
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now