Solved

Interactive Logon

Posted on 2011-09-26
16
1,525 Views
Last Modified: 2012-06-21
Now I have done it ... I know what I have done, I just cannot seem to get it undone.  I went into the Group Policy Settings on the Server and turned on the "Display information about previous logons during user logon"  Now when I restart ANY computer INCLUDING the server I get "Security policiews on this computer are set to display information about the last interactive logon.  Windows Could not retrieve this information"  and sends me back to the logon screen.  I have tried restarting the server in safe mode ... it lets me in but will not let me play with the group policies.

Any ideas what to try next?
0
Comment
Question by:runright
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 7
16 Comments
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 36599669
Download the RSAT tool set. They include the group policy management console, but since you aren't logging into a session, the error shouldn't manifest and you can edit the group policy remotely.

-Cliff
0
 

Author Comment

by:runright
ID: 36599758
Awesome idea ... downloading now and will advise when done..
0
 

Author Comment

by:runright
ID: 36600156
Okay ... I have
1)  Verified this is the one and only install of the Administration Tools Pack
2)  Downloaded and installed the RSAT Tools
3)  Gone into the control panel, programs and features, turn windows features on and off.  I have enabled the remote server and ticked off the "Remote Server Administration Tools" and have ticked off in the Feature Administration Tools the "Group Policy Management Tools"
4)  After doing this a nice icon appears in the Start Menu for "Server Manager"
5)  The first thing it wants is to know the name of the server to connect to, I clicked the Browse button and typed in the server name, checked the name  
6)  When I try this it tries for a moment then Server Manager cannot connect to the server
7)  The help on the mssage says make certain the WinRM service is running.  It is ...
8)  The server SBS 2008 does have all updates installed.

Still stuck ... next?

Tony
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 11

Expert Comment

by:Ackles
ID: 36600449
0
 

Author Comment

by:runright
ID: 36600987
Ackles, it sounds like I need to enable remote server management on the server before I can connect from a workstation.  I guess the problem I am having is that I cannot log onto the server to enable the remote connection.

0
 
LVL 11

Expert Comment

by:Ackles
ID: 36601208
Are you saying that you can't logon to the server as Admin?
0
 

Author Comment

by:runright
ID: 36601482
Yes that is correct, even at the server level, when I try to log on it responds with "Security policies on this computer are set to display information about the last interactive logon.  Windows Could not retrieve this information".  I have discovered that with the workstations, if you unplug them you can log on, then plug them back in and get working ... I have also placed a call to Microsoft, paid the big bucks and will see what happens...
0
 
LVL 11

Expert Comment

by:Ackles
ID: 36601501
Hold with MS Case we can try something
0
 
LVL 11

Expert Comment

by:Ackles
ID: 36601530
If you have any Vista or Windows 7 client do the following:


1. Log on to Vista workstation using a local acconut. (This is not required if you can reach one of your Domain Controllers directly).

2. Log on to any of your domain controllers using Termianl Services (Remote Desktop).

3. Edit the policy (disable setting), disable the entire GPO or just delete its link.

4. Log off the domain controller.

5. Do 'gpupdate /force' at your Vista workstation.

6. Log off Vista.

7. Log on using regular domain account should now succeed.

Let me know how it goes....
A
0
 
LVL 11

Expert Comment

by:Ackles
ID: 36601545
Or if you want to do it on DC itself, then

reboot the DC into Safe Mode with Networking (in this mode, GPOs are not applied to the DC)

logon with Domain Admin account

use the GPMC to disable that feature

Try any of these.

A
0
 

Author Comment

by:runright
ID: 36601634
Unfortunantly when I rebooted the server is safe mode, it would not let me into any Group Policy items ...

This is how Microsoft solved it.

1)  Gain access to the server from another workstation
2)  Replace \\server\c$\Windows\sysvol\sysvol\domain.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\MACHINE\Registry.pol with another one from another machine

That seems to be about it.  I may be able to give more details later
0
 
LVL 11

Expert Comment

by:Ackles
ID: 36601642
Did you try safe mode with "Networking" ?
0
 

Accepted Solution

by:
runright earned 0 total points
ID: 36712136
Did not try safe mode with Networking, did try Directory Services Restore Mode.  The information sent to me from Microsoft did not give any additional clues as to what they did, but IT IS FIXED!
0
 

Author Closing Comment

by:runright
ID: 36898959
Microsoft may charge a bit ... but so far they have been able to fix all the problems I have given them ...
0
 
LVL 11

Expert Comment

by:Ackles
ID: 36712148
Glad to hear that, however what I suggested Safe Mode with Networking is one of the resolution provided by MS.

Anyways, the point was to resolve the issue & I am happy it's done :)

A
0
 
LVL 11

Expert Comment

by:Ackles
ID: 36712168
I agree that the problem was resolved by MS, but he has clearly stated that he didn't try what was suggested, however in the previous comment he said that he tried, which is contradictory.

Just my thoughts.

A
0

Featured Post

Get HTML5 Certified

Want to be a web developer? You'll need to know HTML. Prepare for HTML5 certification by enrolling in July's Course of the Month! It's free for Premium Members, Team Accounts, and Qualified Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question