|
Posted by Roger Abell [MVP] on March 5, 2008, 9:19 am
If you were Registered and logged in, you could reply and use other advanced thread options
In a machine's local security policy (or controlled by GPO but still
showing with gpedit) are user rights, including the user right to
Log on locally and a Deny logon locally.
Normally a domain joined machine has Users granted local logon,
and has Domain Users, Interactive, and Authenticated Users as
members of Users.
It sounds like something was broken in that linkage (good, as it
is needed to secure a machine from broad access) but was not
replaced with the needed.
For example, if domain\SpecialUsers need access, then that group
needs local login right either directly or more likely by being in
the machine's Users group which same is local logon.
Roger
> We are migrating some special, secured, PCs to a new Active Directory
> Domain.
>
> A central IT technician was dispatched to lock down the PC and verify the
> PCs Information
> Assurance level.
>
> In the process Domain Users get (not exact quote) "Not authorized to logon
> to Domain from
> this PC" as an error message when attempting a logon.
>
> Only Domain Admins. can logon.
>
> Any advice ?
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
>
| 
XML site map