Advertisement
Forum List The ITidiots Show Questions and Answers
jay
Visitor
 
 Domain controller problem - 2006/11/11 09:27 Hi

I installed a domain controller using win server 2003 standard edition. I followed the same procedure that was shown in the podcast. I created a user account and then joined the client machine to the domain. Then after the client rebooted i tried loggin in but the problem was. it gave the error" local policy doesnt not allow interactive log on"

what does this mean? I tried going over the local policies but nothing is there which relates to this error?

please help!
  | | The administrator has disabled public write access.
Nicky Curtis
Admin
Karma: 22  
Re:Domain controller problem - 2006/11/11 13:24 Hi Jay,

Are you trying to logon to the domain controller with the user account? If so this message is understandable.

Basically the right to logon locally is required to interactively logon to the local machine. Standard user accounts do not have the right to logon locally to a domain controller and you will get this message if you attempt to logon. To solve this you could relax the security in the Default Domain Controllers Policy, under User Rights.

To check to see if this is the cause of the problem, try adding the user account to the domain admins group and then attempt to logon again.

Let me know if this helps,

Nicky
  | | The administrator has disabled public write access.
Jay
Visitor
 
 Re:Domain controller problem - 2006/11/11 17:20 Hi nicky,

first of all thanks for getting back at me...Well i setup up a DC on the server and created a normal user account so the user accounts can be centrally managed and then i added the client machine to the domain.. and then rebooted and selected the domain to log onto and i provided the username and password i created on the DC.. and pressed enter and soon as i do that it comes up with "local policy does not allow interactive bla bla" when they mean local is it the client or the server? I'm trying to get the profile for the user and use the client machine for work as a normal person ..so im NOT actually logging into the DC but merely authenticating and getting authorized for certain resources ..as u showed in the podcast..just storing everything centrally...

Well really im deploying this as a project for the uni and implementing role based access control using azman.msc , first step to that shuold involve creating an active directory.. the server and the client is in the Uni
so i have to try your recipe when i go in on monday..ill let u know the status of it when i reconfig it.

Also i have a security question which i think is really important
When you add a client to the domain it asks you to give a user name and a password of an already authorized user for the domain right.. Does it always have to be teh admin ? Can it be some other user account type with lower powers than admin because there may be a security issue surrounding this if some knew the admin's user name and password while he typed it..if someone knew about some other account which have lower powers than admin who is already authorized , less harm is done.. let me know if im correct on this

again thanks for ur time..much appreciated! hope shabby's drugs are selling well!
  | | The administrator has disabled public write access.
Nicky Curtis
Admin
Karma: 22  
Re:Domain controller problem - 2006/11/12 18:50 Hi Jay,

There is a right which you can delegate to any user it is "Add workstations to a domain". I think account operators may have this right as well as administrators but you can check this on the Default Domain Controllers Policy. I would check but I am away from a server at the moment.

Other than that any authenticated user can add 10 workstations to a domain. I always found that kinda weird.

Nicky
  | | The administrator has disabled public write access.
Jay
Visitor
 
 Solution found - 2006/11/14 12:17 hi nicky

i simply executed this command to reset the local policy's on both client and the server
secedit /configure /cfg %windir%repairsecsetup.inf /db secsetup.sdb /verbose

it works fine now
  | | The administrator has disabled public write access.
Forum List The ITidiots Show Questions and Answers
Joomlaboard Forum Component
Two Shoes M-Factory
Joomla Templates by Joomlashack
Joomla Templates and Joomla Tutorial