Solved

2008 r2 denies local login

Posted on 2012-12-26
7
468 Views
Last Modified: 2012-12-28
I had all users showing on the server login screen so I did the following.

1. Select Local Security Policy from Administrative Tools.
2. Expand Local Policies.
3. Select User Rights Assignment.
4. Double-click Deny log on locally to display dialog.
5. Add users or groups.
6. Click OK to save.
7. Reboot.

Then I tested and the 3 users did not show then rebooted and all was well.

Then to hide all users I accedentally put everyone as clear all users except Administrator.

It the would not allow local users to access the server.
The server is not a domain and no remote acces had been setup

Can you help ??


Dan Landry
0
Comment
Question by:DanielBLandry
7 Comments
 
LVL 22

Expert Comment

by:yo_bee
ID: 38723559
EDIT:  Did not read it completely.  Please ignore my suggestion.

You can try to RDP to the machine and access it that way.
Do you have RDP enabled.
0
 
LVL 22

Expert Comment

by:yo_bee
ID: 38723567
You can try Safe Mode boot and see if that works.
Also if this a production machine?
0
 

Author Comment

by:DanielBLandry
ID: 38723650
Tried safe mode and got the option go to safe mode then continued and started normally.
So I cannot login.  This is a production machine so I am in bad way.


Dan Landry
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 42

Expert Comment

by:kevinhsieh
ID: 38724226
Have you tried reboot into the last known good configuration?

Do you have a recent backup?
0
 
LVL 12

Assisted Solution

by:Sommerblink
Sommerblink earned 333 total points
ID: 38724288
Is the built-in firewall or another firewall enabled on the computer?

If not, perhaps you can open up the registry remotely from another computer and enable terminal services?

There is a key HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnections. This is set to 1 if RD is disabled. 0 for enabled.

Otherwise, there is a program that Microsoft published called NTRights.exe (http://support.microsoft.com/kb/315276) but to be honest, I don't have an environment to give this a shot in, but the command might look like this:

ntrights -u Everyone -m \\computername -r SeDenyInteractiveLogonRight

I've never played with this before, so you might need to fine tune that, but from the commandline help file, this should remove the Everyone group from the Deny Interactive Logon Right. Also, I don't know if this program will work with a firewall enabled as well.
0
 
LVL 22

Accepted Solution

by:
yo_bee earned 167 total points
ID: 38724460
Can this server be restarted?
Do you have the ability to connect to the server HKLM hive?
if so there is a means to getting to GPEDIT.MSC

Connect to the HKLM\SYSTEM\STARTUP  and change startupType = 2 and CmdLine to cmd.exe  
Reboot and this will get you to a command prompt and it will be like it running for the first time.
In the CMD enter GPEDIT.MSC and modify the settings for Logon Locally

I just tested this on a server in my Lab and it worked.
0
 
LVL 12

Assisted Solution

by:Sommerblink
Sommerblink earned 333 total points
ID: 38728257
Not sure how it is going since you haven't responded back yet.

But just for future reference, in order to remove the user icons from the login screen, you need to disable Do not require CTRL-ALT-DEL to Logon Policy.

This is located at Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Interactive Logon: Do not require CTRL+ALT+DEL and set this to Disable.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
sccm report 1 38
Undo a Print Server Setup 5 71
Moving to a Virtual from an SQL cluster, best practices? 5 69
Auto Login Script 3 12
Normally after a failure of Domain Controller, when promoting new DC the DC is renamed, we will discuss the options in Dcpromo to re-create the DC with the same name. Scenario: You are a small IT shop with two Domain Controllers (Domain Contr…
I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now