Schuyler Dorsey

Domain Admin account cannot login interactively, SBS 2003

I have a client who has an SBS03 server. Their domain admin account was set to no password (I know, I know. I tried and tried but it is what they wanted).

A password mysteriously appeared on the admin account last week and neither of the two employees knew why so they asked me to reset it. So I went through the process of resetting the local admin password, logging into directory services restore mode and running the exe's from Microsoft. I reset the password and was able to get in fine. They specifically asked me to blank it again.

Now it has a password yet again. I reset the local admin password and ran the exe's again. Now when I try to log in to the domain admin account I get the message "this computers security policy does not permit this account to log in interactively".

I tried logging into the local security policy while back in directory services restore mode; it only lists SIDs under the user rights assignments and not the domain accounts. Regardless, I cannot change or remove anything in the security policy. The options to do so are grayed out.

I would appreciate a point in the right direction so I can get in and clean up/harden the server the way it needs to be.

Active Directory, SBS

Last Comment

8/22/2022 - Mon

Check your User Rights Assignment within your applicable GPO.
Abbas Haidar

Rejoin the computers to the domain!
Schuyler Dorsey

I am sorry I forgot to mention, this is a domain controller. It is SBS2003.

I cannot access the GPO while logged into a local account. I cannot login to the domain admin account as noted in my previous message.

There are no other accessible domain accounts.

Do you have another DC to see what GPO settings are configured?
Schuyler Dorsey

I do not. This is their one and only server. There are no member computers either.

Schuyler Dorsey

Thanks for the help all. Through booting into directory services recovery mode, I looked through the event logs and discovered RDP access had been brute forced. Due to this, the business owner has opted to have the whole server reformatted.

That sounds like a wise decision by the owner. Good luck.
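
The User Rights Assignment check suggested earlier in the thread can also be done offline, because a GPO keeps those rights as lists of SIDs in a GptTmpl.inf security template under SYSVOL. The script below is an added example, not code from any poster in this thread: it reads the [Privilege Rights] section and reports whether a given account may log on interactively. The template text, the domain SID and the function names are constructed for illustration, and a real GptTmpl.inf is usually UTF-16 encoded and must be decoded first.

```python
# Added example: evaluate interactive-logon rights from GptTmpl.inf-style text.
ALLOW = "SeInteractiveLogonRight"      # "Allow log on locally"
DENY = "SeDenyInteractiveLogonRight"   # "Deny log on locally"

def parse_privilege_rights(inf_text):
    """Return {right_name: set(principals)} from the [Privilege Rights] section."""
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "privilege rights" and "=" in line and not line.startswith(";"):
            name, _, value = line.partition("=")
            # SIDs are written with a leading '*'; plain account names have none.
            rights[name.strip()] = {m.strip().lstrip("*").upper()
                                    for m in value.split(",") if m.strip()}
    return rights

def interactive_logon_verdict(rights, token_sids):
    """token_sids: the account's own SID plus the SID of every group it is in."""
    token = {s.upper() for s in token_sids}
    denied = rights.get(DENY, set()) & token
    if denied:
        return "denied", sorted(denied)  # a deny entry overrides any allow entry
    allowed = rights.get(ALLOW, set()) & token
    return ("allowed", sorted(allowed)) if allowed else ("not granted", [])

DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed domain SID
SAMPLE_INF = f"""\
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-551,*S-1-5-32-549
SeDenyInteractiveLogonRight = *{DOMAIN}-500
[Version]
signature="$CHICAGO$"
"""
# RID 500 = built-in Administrator, 512 = Domain Admins, S-1-5-32-544 = Administrators
ADMIN_TOKEN = [f"{DOMAIN}-500", f"{DOMAIN}-512", "S-1-5-32-544"]
# Constructed ordinary user who is a member of Backup Operators (S-1-5-32-551)
OPERATOR_TOKEN = [f"{DOMAIN}-1105", "S-1-5-32-551"]

if __name__ == "__main__":
    rights = parse_privilege_rights(SAMPLE_INF)
    for label, token in (("Administrator", ADMIN_TOKEN), ("operator", OPERATOR_TOKEN)):
        print(label, interactive_logon_verdict(rights, token))
```

In the constructed sample the Administrator account is granted the right through the Administrators group but still comes out as denied, because its own SID appears in the deny list.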