Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Setting Allow log on locally don't work. [message #294625] Thu, 22 October 2009 12:23
Adriano (Brazil)
Hi,
Even after setting that only administrators and GrupoA, for example, have
permission to log on locally, all users can still log on locally at the
stations on which the GPO should restrict logon. What can it be?

Thank you.

Adriano.
Re: Setting Allow log on locally don't work. [message #294775 is a reply to message #294625] Thu, 22 October 2009 14:09
meiweb (Germany)
Hello Adriano,

If I understand you correctly, you have configured and linked a GPO to an OU
where the mentioned computer accounts are located in AD UC where this setting
is defined.

Did you run gpresult /v or rsop.msc on the client to check if the GPO is
applied correctly?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


Re: Setting Allow log on locally don't work. [message #295544 is a reply to message #294775] Fri, 23 October 2009 06:11
Adriano
Hello Meinolf,

Exactly. I configured and linked a GPO to the OU
where the mentioned computer accounts are located in AD.
I ran gpresult and the GPO is shown as applied.
To avoid interference from the other GPOs in the OU in which the computer
accounts are located,
I enabled block inheritance and I checked whether any GPO in the domain,
site or Domain Controllers OU has Enforced enabled.

Best regards

Adriano Paganotto.

Re: Setting Allow log on locally don't work. [message #295599 is a reply to message #294625] Fri, 23 October 2009 06:22
pbbergs (United States)
What specifically have you done? We do this and it works fine. Please
describe the settings you have enabled, where the gpo is linked and what
machines have the read and apply permissions set. Also, have you run
Resultant Set of Policy (RSoP) against the machine that is failing? RSoP is
a free snapin from Microsoft.

http://support.microsoft.com/kb/323276

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.
Re: Setting Allow log on locally don't work. [message #296001 is a reply to message #295599] Fri, 23 October 2009 12:51
Adriano
Hello Paul,

Really, I do this and it always works fine.
I created an OU and added only one computer account to this OU.
In this OU I linked a GPO to set which groups are allowed to log on locally.
To avoid interference from the other GPOs in this OU,
I enabled block inheritance, and there are no other GPOs
affecting the computer account. Below is the log of gpresult /v:


C:\>gpresult /v
Ferramenta de resultados de diretiva de grupo v2.0 do Sistema operacional
Microsoft (R) Windows (R) XP
Copyright (C) Microsoft Corp. 1981-2001
Criado em 23/10/2009 às 13:37:05

Resultados RSOP para XPVIRTUALTUX\Administrador em XPVIRTUALTUX : modo de log
-----------------------------------------------------------------------------
Tipo de sistema operacional: Microsoft Windows XP Professional
Configuração do sistema operacional: Estação de trabalho membro
Versão do sistema operacional: 5.1.2600
Nome do domínio: ABC
Tipo de domínio: Windows 2000
Nome do site: Primeiro-site-padrao
Perfil móvel:
Perfil local: C:\Documents and Settings\Administrador.XPVIRTUAL
Conectado por meio de um link lento?: Não

CONFIGURAÇÕES DO COMPUTADOR
----------------------------
Última vez em que a diretiva de grupo foi aplicada: 23/10/2009 at 12:19:1
A diretiva de grupo foi aplicada de: abc.br
Limite de vínculo lento de diretiva de grupo: 500 kbps

Objetos de diretiva de grupo aplicados
-------------------------------------------
DenyLogon

Os GPOs a seguir não foram aplicados porque foram filtrados
------------------------------------------------------------
Diretivas de grupo locais
Filtragem: Não aplicado (vazio)

O computador faz parte dos seguintes grupos de segurança:
---------------------------------------------------------
Administradores
Todos
Usuários
REDE
Usuários autenticados
XPVIRTUALTUX$
Computadores do domínio

Conjunto de diretivas resultante para o computador:
----------------------------------------------------
Instalações de software
-----------------------
N/A
Scripts de inicialização
------------------------
N/A
Scripts de desligamento
-----------------------
N/A
Diretivas de conta
------------------
N/A
Diretiva de auditoria
---------------------
N/A
Direitos do usuário
-------------------
GPO: DenyLogon
Diretiva: InteractiveLogonRight
Configuração do computador: Administradores
ABC\Administrador
ABC\Admins. do domínio
ABC\Posgraducao

Opções de segurança
-------------------
N/A
Configurações de log de eventos
-------------------------------
N/A
Grupos restritos
----------------
N/A
Serviços do sistema
-------------------
N/A
Configurações do Registro
-------------------------
N/A
Configurações do sistema de arquivos
------------------------------------
N/A
Diretivas de chave pública
--------------------------
N/A
Modelos administrativos
-----------------------
GPO: DenyLogon
Config.: Software\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon
Estado: Ativada

CONFIGURAÇÕES DO USUÁRIO
-------------------------
Última vez em que a diretiva de grupo foi aplicada: 23/10/2009 at 12:31:3
A diretiva de grupo foi aplicada de: N/A
Limite de vínculo lento de diretiva de grupo: 500 kbps

Objetos de diretiva de grupo aplicados
-------------------------------------------
N/A
Os GPOs a seguir não foram aplicados porque foram filtrados
------------------------------------------------------------
Diretivas de grupo locais
Filtragem: Não aplicado (vazio)
O usuário faz parte dos seguintes grupos de segurança:
------------------------------------------------------
Nenhum
Todos
Administradores
Usuários
INTERATIVO
Usuários autenticados
LOCAL

Conjunto de diretivas resultante para o usuário:
-------------------------------------------------
Instalações de software
-----------------------
N/A
Diretivas de chave pública
--------------------------
N/A
Modelos administrativos
-----------------------
N/A
Redirecionamento de pasta
-------------------------
N/A
Interface do usuário do navegador Internet Explorer
---------------------------------------------------
N/A
Conexão do Internet Explorer
----------------------------
N/A
URLs do Internet Explorer
-------------------------
N/A
Segurança do Internet Explorer
------------------------------
N/A
Programas do Internet Explorer
------------------------------
N/A

C:\>
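The gpresult output above lists the principals the DenyLogon GPO assigns to InteractiveLogonRight; the rights actually stored in the workstation's local security database can be read with secedit /export and compared against that list. The script below is an added example, not posted by anyone in the thread. It compares by SID because the group names are localized, and the domain SID, the RIDs for ABC\Administrador and ABC\Posgraducao, and the sample export are constructed placeholders.

```powershell
# Added example, not from the thread. Compares the "Allow log on locally" right
# stored on a workstation (SeInteractiveLogonRight in a secedit export) with the
# principals the GPO is meant to enforce. Comparison is by SID because group
# names are localized (Administradores, Admins. do domínio, ...).

function Get-UserRightEntries {
    # Returns the raw entries (*SID or account name) for one right in the INF text.
    param([string[]]$InfLines, [string]$Right = 'SeInteractiveLogonRight')
    $pattern = '^\s*' + [regex]::Escape($Right) + '\s*=(.*)$'
    foreach ($line in $InfLines) {
        if ($line -match $pattern) {
            return @($Matches[1] -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
        }
    }
    return @()   # right absent from the export: no principal holds it
}

function ConvertTo-SidString {
    # secedit writes most principals as *SID; bare account names are translated if possible.
    param([string]$Entry)
    if ($Entry.StartsWith('*')) { return $Entry.Substring(1) }
    try {
        $account = New-Object System.Security.Principal.NTAccount($Entry)
        return $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        return $Entry   # unresolved name, reported as-is
    }
}

function Compare-LogonRight {
    # Unexpected = holds the right locally but is not in the GPO list.
    # Missing    = in the GPO list but not present on the workstation.
    param([string[]]$InfLines, [string[]]$ExpectedSids)
    $effective = @(Get-UserRightEntries -InfLines $InfLines |
                   ForEach-Object { ConvertTo-SidString $_ })
    [pscustomobject]@{
        Effective  = $effective
        Unexpected = @($effective    | Where-Object { $ExpectedSids -notcontains $_ })
        Missing    = @($ExpectedSids | Where-Object { $effective -notcontains $_ })
    }
}

# Well-known SIDs that commonly hold this right by default on a workstation.
$WellKnown = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-544' = 'BUILTIN\Administrators'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-32-546' = 'BUILTIN\Guests'
    'S-1-5-32-547' = 'BUILTIN\Power Users'
    'S-1-5-32-551' = 'BUILTIN\Backup Operators'
}

# Principals listed under InteractiveLogonRight in the gpresult output.
$DomainSid = 'S-1-5-21-1111111111-2222222222-3333333333'   # constructed placeholder for domain ABC
$Expected = @(
    'S-1-5-32-544',      # Administradores (BUILTIN\Administrators)
    "$DomainSid-500",    # ABC\Administrador (assumed to be the built-in domain account)
    "$DomainSid-512",    # ABC\Admins. do domínio (Domain Admins)
    "$DomainSid-1105"    # ABC\Posgraducao (RID constructed)
)

# Constructed sample export: a workstation still holding broad default entries.
$SampleInf = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-547,*S-1-5-32-551
[Version]
signature="$CHICAGO$"
Revision=1
'@ -split "`r?`n"

# Live use on the workstation (elevated prompt) instead of the sample:
#   secedit /export /areas USER_RIGHTS /cfg "$env:TEMP\rights.inf" | Out-Null
#   $SampleInf = Get-Content "$env:TEMP\rights.inf"
$result = Compare-LogonRight -InfLines $SampleInf -ExpectedSids $Expected

foreach ($sid in $result.Unexpected) {
    $name = if ($WellKnown.ContainsKey($sid)) { $WellKnown[$sid] } else { 'unresolved' }
    "UNEXPECTED holder of the right: $sid ($name)"
}
foreach ($sid in $result.Missing) {
    "MISSING from the effective right: $sid"
}
```

An empty Unexpected list means the workstation stores the same list the GPO defines; the membership of the allowed groups is then the remaining thing to inspect.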
Re: Setting Allow log on locally don't work. [message #298284 is a reply to message #296001] Mon, 26 October 2009 06:12
pbbergs (United States)
Sorry, I can't read Spanish (I think?). If you have the computer within the
OU, it is set up correctly and you have given this computer read and apply, I
don't see a problem.

Try placing a machine from another OU that is working into this OU and
see if it still works. I think you need to do a reboot, I'm not sure so I
just do. My guess is this new machine won't work correctly either.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.
Re: Setting Allow log on locally don't work. [message #298337 is a reply to message #298284] Mon, 26 October 2009 06:55
aceman (United States)
"Paul Bergson [MVP-DS]" <pbbergs@no_spammsn.com> wrote in message
news:uk$KpWjVKHA.5368@TK2MSFTNGP02.phx.gbl...

Paul, just an FYI, this was multiposted to the group policy group.

Ace

> Sorry, I can't read Spanish (I think?). If you have the computer within
> the ou, it is setup correctly and you have given this computer read and
> apply, I don't see a problem.
>
> Try placing a machine from another ou that it is working into this ou and
> see if it still works. I think you need to do a reboot, I'm not sure so I
> just do. My guess is this new machine won't work correctly either.
Re: Setting Allow log on locally don't work. [message #301874 is a reply to message #298284] Thu, 29 October 2009 06:50
Adriano
Paul, it's Portuguese (Brazil)!! :)
I did reboot the workstation and the problem persists.
I think that the problem is in a Domain Controller of the domain,
although there are no other problems in the domain, only the one reported here.
If I find the solution to this problem, I will post it here! :)

Thank you for the help.

Adriano.