Solved

Interactive Logon

Posted on 2011-09-26
16
1,306 Views
Last Modified: 2012-06-21
Now I have done it ... I know what I have done, I just cannot seem to get it undone.  I went into the Group Policy Settings on the Server and turned on the "Display information about previous logons during user logon"  Now when I restart ANY computer INCLUDING the server I get "Security policiews on this computer are set to display information about the last interactive logon.  Windows Could not retrieve this information"  and sends me back to the logon screen.  I have tried restarting the server in safe mode ... it lets me in but will not let me play with the group policies.

Any ideas what to try next?
0
Comment
Question by:runright
  • 8
  • 7
16 Comments
 
LVL 56

Expert Comment

by:Cliff Galiher
Comment Utility
Download the RSAT tool set. They include the group policy management console, but since you aren't logging into a session, the error shouldn't manifest and you can edit the group policy remotely.

-Cliff
0
 

Author Comment

by:runright
Comment Utility
Awesome idea ... downloading now and will advise when done..
0
 

Author Comment

by:runright
Comment Utility
Okay ... I have
1)  Verified this is the one and only install of the Administration Tools Pack
2)  Downloaded and installed the RSAT Tools
3)  Gone into the control panel, programs and features, turn windows features on and off.  I have enabled the remote server and ticked off the "Remote Server Administration Tools" and have ticked off in the Feature Administration Tools the "Group Policy Management Tools"
4)  After doing this a nice icon appears in the Start Menu for "Server Manager"
5)  The first thing it wants is to know the name of the server to connect to, I clicked the Browse button and typed in the server name, checked the name  
6)  When I try this it tries for a moment then Server Manager cannot connect to the server
7)  The help on the mssage says make certain the WinRM service is running.  It is ...
8)  The server SBS 2008 does have all updates installed.

Still stuck ... next?

Tony
0
 
LVL 11

Expert Comment

by:Ackles
Comment Utility
0
 

Author Comment

by:runright
Comment Utility
Ackles, it sounds like I need to enable remote server management on the server before I can connect from a workstation.  I guess the problem I am having is that I cannot log onto the server to enable the remote connection.

0
 
LVL 11

Expert Comment

by:Ackles
Comment Utility
Are you saying that you can't logon to the server as Admin?
0
 

Author Comment

by:runright
Comment Utility
Yes that is correct, even at the server level, when I try to log on it responds with "Security policies on this computer are set to display information about the last interactive logon.  Windows Could not retrieve this information".  I have discovered that with the workstations, if you unplug them you can log on, then plug them back in and get working ... I have also placed a call to Microsoft, paid the big bucks and will see what happens...
0
 
LVL 11

Expert Comment

by:Ackles
Comment Utility
Hold with MS Case we can try something
0
Why spend so long doing email signature updates?

Do you spend loads of your time carrying out email signature updates? Not very interesting are they? Don’t let signature updates get you down. Let Exclaimer Cloud - Signatures for Office 365 make managing email signatures a breeze.

 
LVL 11

Expert Comment

by:Ackles
Comment Utility
If you have any Vista or Windows 7 client do the following:


1. Log on to Vista workstation using a local acconut. (This is not required if you can reach one of your Domain Controllers directly).

2. Log on to any of your domain controllers using Termianl Services (Remote Desktop).

3. Edit the policy (disable setting), disable the entire GPO or just delete its link.

4. Log off the domain controller.

5. Do 'gpupdate /force' at your Vista workstation.

6. Log off Vista.

7. Log on using regular domain account should now succeed.

Let me know how it goes....
A
0
 
LVL 11

Expert Comment

by:Ackles
Comment Utility
Or if you want to do it on DC itself, then

reboot the DC into Safe Mode with Networking (in this mode, GPOs are not applied to the DC)

logon with Domain Admin account

use the GPMC to disable that feature

Try any of these.

A
0
 

Author Comment

by:runright
Comment Utility
Unfortunantly when I rebooted the server is safe mode, it would not let me into any Group Policy items ...

This is how Microsoft solved it.

1)  Gain access to the server from another workstation
2)  Replace \\server\c$\Windows\sysvol\sysvol\domain.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\MACHINE\Registry.pol with another one from another machine

That seems to be about it.  I may be able to give more details later
0
 
LVL 11

Expert Comment

by:Ackles
Comment Utility
Did you try safe mode with "Networking" ?
0
 

Accepted Solution

by:
runright earned 0 total points
Comment Utility
Did not try safe mode with Networking, did try Directory Services Restore Mode.  The information sent to me from Microsoft did not give any additional clues as to what they did, but IT IS FIXED!
0
 

Author Closing Comment

by:runright
Comment Utility
Microsoft may charge a bit ... but so far they have been able to fix all the problems I have given them ...
0
 
LVL 11

Expert Comment

by:Ackles
Comment Utility
Glad to hear that, however what I suggested Safe Mode with Networking is one of the resolution provided by MS.

Anyways, the point was to resolve the issue & I am happy it's done :)

A
0
 
LVL 11

Expert Comment

by:Ackles
Comment Utility
I agree that the problem was resolved by MS, but he has clearly stated that he didn't try what was suggested, however in the previous comment he said that he tried, which is contradictory.

Just my thoughts.

A
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now