Issue on windows server 2008 R2
Hello,
I'm having a problem on my network, its running a WS 2008R2 and the workstations are XP pro, we have just set up the domain and everything was working fine, then we tweaked the software restriction policies, and just added an additional rule to block the path of the software we intended to block. after doing this all the users on the domain started having problems logging in they got the message "Local Policy of this System Doesnt permit you to login interactively" to fix this we restored the security settings using the following command : "secedit /configure /cfg %windir%\repair\secsetup.i
any help will be greatly appreciated.
Thanks
I'm having a problem on my network, its running a WS 2008R2 and the workstations are XP pro, we have just set up the domain and everything was working fine, then we tweaked the software restriction policies, and just added an additional rule to block the path of the software we intended to block. after doing this all the users on the domain started having problems logging in they got the message "Local Policy of this System Doesnt permit you to login interactively" to fix this we restored the security settings using the following command : "secedit /configure /cfg %windir%\repair\secsetup.i
any help will be greatly appreciated.
Thanks
ASKER
Hello,
I checked that and changed the Allow log on locally to domain users and Admins - ok I think that could have solved the issue with getting "Local Policy of this System Doesnt permit you to login interactively".
then I'm left with one more problem, the Billing software will not work on any user other than the Admin, the only way I have found to get the regular users to be able to use the program is to make them members of Domain Admins, and Enterprise Admins. both of them it doesn't work with just one or the other. now I realize this is a crap solution, but its as far as I have got. so any ideas of why this could be the case will be greatly appreciated.
Thanks in advanced
I checked that and changed the Allow log on locally to domain users and Admins - ok I think that could have solved the issue with getting "Local Policy of this System Doesnt permit you to login interactively".
then I'm left with one more problem, the Billing software will not work on any user other than the Admin, the only way I have found to get the regular users to be able to use the program is to make them members of Domain Admins, and Enterprise Admins. both of them it doesn't work with just one or the other. now I realize this is a crap solution, but its as far as I have got. so any ideas of why this could be the case will be greatly appreciated.
Thanks in advanced
Do the users have local adminrights on their system..? Perhaps you can try changing the userrights on the programs directory or at least compare the rights on those (user / program dir.) between a system that works correct and one that doesn't. I assume your billing software is installed locally on the XP systems and the data is on the 2008R2 machine.
In this case check for possible differences. Perhaps there are some rights which have not correctly been reversed by undoing the software restriction policies.
In this case check for possible differences. Perhaps there are some rights which have not correctly been reversed by undoing the software restriction policies.
You can use Process Monitor from www.sysinternals.com to see where the permissions issues arise from with your Billing App. Log in as a non-admin user, and Shift-Right-click procmon.exe to RunAs administrator. Then use your troublesome app and get it to misbehave. Stop Procmon from collecting data and then start going through the results. Exclude the things that are not of interest to look for the "Access Denied" values in the Result column. Typically I exclude all different entries in the Result column one by one until I'm left with just the "Access Denied" ones. Some Access Denied messages can be ignored and are due to lazy programming - eg access denied when accessing a Windows system file. Typical findings are the app wanting full control to the following places:
C:\Program Files\<app's folder>\
C:\Program Files\Common Files\<app's folder>\
c:\windows\temp\
an INI file in c:\windows\
C:\Documents and Settings\All Users\Application Data\<app's folder>\
HKLM\Software\<app's key>\
C:\Program Files\<app's folder>\
C:\Program Files\Common Files\<app's folder>\
c:\windows\temp\
an INI file in c:\windows\
C:\Documents and Settings\All Users\Application Data\<app's folder>\
HKLM\Software\<app's key>\
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I couldn't find another way to fix this, except for my solution.
Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment
Allow log on locally -> Not defined
or that Domain Users are allowed to log in (And domain admins).