Questions

Add User button is grayed out in User Rights Assignment

+
0 Votes
Locked

Add User button is grayed out in User Rights Assignment

wrathyimp
Hi,

I need to add a admin user account to "Act as part of the operating system" policy under:
Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\

But the Add User or Group button is grayed out, so i cannot add the user.

Issue is to start my cluster services on Node 2, as its giving error 1314 A required privilege is not held by client.

But the admin user account is added to Act as part of Operating System in Node 1.
  • +
    0 Votes
    OH Smeg

    That's fairly important.

    Col

    +
    0 Votes
    wrathyimp

    Totally missed it.

    Windows 2003 SP1

    +
    0 Votes
    wrathyimp

    I ran GPResult, and got the following output: (Domain name changed)

    Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
    Copyright (C) Microsoft Corp. 1981-2001

    Created On 8/26/2012 at 5:44:58 PM


    RSOP data for DOMAIN\adminmk on NODE2 : Logging Mode
    --------------------------------------------------------

    OS Type: Microsoft(R) Windows(R) Server 2003, Enterprise Ed
    tion
    OS Configuration: Additional/Backup Domain Controller
    OS Version: 5.2.3790
    Terminal Server Mode: Remote Administration
    Site Name: Default-First-Site-Name
    Roaming Profile:
    Local Profile: C:\Documents and Settings\adminmk
    Connected over a slow link?: No


    COMPUTER SETTINGS
    ------------------
    CN=DOMAIN,OU=Domain Controllers,DC=domain,DC=local
    Last time Group Policy was applied: 8/26/2012 at 5:41:20 PM
    Group Policy was applied from: node1.domain.local
    Group Policy slow link threshold: 500 kbps
    Domain Name: DOMAIN
    Domain Type: Windows 2000

    Applied Group Policy Objects
    -----------------------------
    Default Domain Controllers Policy
    Remote Assistant and Windows Firewall
    Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
    Local Group Policy
    Filtering: Not Applied (Empty)

    The computer is a part of the following security groups
    -------------------------------------------------------
    BUILTIN\Administrators
    Everyone
    IIS_WPG
    Exchange Enterprise Servers
    BUILTIN\Pre-Windows 2000 Compatible Access
    BUILTIN\Users
    Windows Authorization Access Group
    NT AUTHORITY\NETWORK
    NT AUTHORITY\Authenticated Users
    This Organization
    NODE2$
    Exchange Domain Servers
    Domain Controllers
    NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
    Exchange Enterprise Servers


    USER SETTINGS
    --------------
    CN=Abdul Mutallib (Support Account),OU=Support,DC=domain,DC=local
    Last time Group Policy was applied: 8/26/2012 at 5:24:09 PM
    Group Policy was applied from: node2.domain.local
    Group Policy slow link threshold: 500 kbps
    Domain Name: DOMAIN
    Domain Type: Windows 2000

    Applied Group Policy Objects
    -----------------------------
    Default Domain Policy
    Local Group Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
    Remote Assistant and Windows Firewall
    Filtering: Not Applied (Empty)

    The user is a part of the following security groups
    ---------------------------------------------------
    Domain Users
    Everyone
    Node1 $ Acronis Remote Users
    Exchange Enterprise Servers
    BUILTIN\Administrators
    BUILTIN\Users
    BUILTIN\Pre-Windows 2000 Compatible Access
    NT AUTHORITY\INTERACTIVE
    NT AUTHORITY\Authenticated Users
    This Organization
    LOCAL
    Exchange Domain Servers
    Domain Admins
    Group Policy Creator Owners
    SMSMSE Admins
    Schema Admins
    Exchange Services
    Enterprise Admins
    Node1 $ Acronis Remote Users
    Exchange Enterprise Servers

    +
    0 Votes
    wrathyimp

    It looks like the "Default Domain Controller Policy" has the user account as "Act as part of Operating System"

    But not define under "Default Domain Security Settings" or the "Remote Assistant and Windows Firewall" or any other Policies.

    Same goes for the Node1, but the cluster service is working on the Node1, but not working on Node2.

  • +
    0 Votes
    OH Smeg

    That's fairly important.

    Col

    +
    0 Votes
    wrathyimp

    Totally missed it.

    Windows 2003 SP1

    +
    0 Votes
    wrathyimp

    I ran GPResult, and got the following output: (Domain name changed)

    Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
    Copyright (C) Microsoft Corp. 1981-2001

    Created On 8/26/2012 at 5:44:58 PM


    RSOP data for DOMAIN\adminmk on NODE2 : Logging Mode
    --------------------------------------------------------

    OS Type: Microsoft(R) Windows(R) Server 2003, Enterprise Ed
    tion
    OS Configuration: Additional/Backup Domain Controller
    OS Version: 5.2.3790
    Terminal Server Mode: Remote Administration
    Site Name: Default-First-Site-Name
    Roaming Profile:
    Local Profile: C:\Documents and Settings\adminmk
    Connected over a slow link?: No


    COMPUTER SETTINGS
    ------------------
    CN=DOMAIN,OU=Domain Controllers,DC=domain,DC=local
    Last time Group Policy was applied: 8/26/2012 at 5:41:20 PM
    Group Policy was applied from: node1.domain.local
    Group Policy slow link threshold: 500 kbps
    Domain Name: DOMAIN
    Domain Type: Windows 2000

    Applied Group Policy Objects
    -----------------------------
    Default Domain Controllers Policy
    Remote Assistant and Windows Firewall
    Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
    Local Group Policy
    Filtering: Not Applied (Empty)

    The computer is a part of the following security groups
    -------------------------------------------------------
    BUILTIN\Administrators
    Everyone
    IIS_WPG
    Exchange Enterprise Servers
    BUILTIN\Pre-Windows 2000 Compatible Access
    BUILTIN\Users
    Windows Authorization Access Group
    NT AUTHORITY\NETWORK
    NT AUTHORITY\Authenticated Users
    This Organization
    NODE2$
    Exchange Domain Servers
    Domain Controllers
    NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
    Exchange Enterprise Servers


    USER SETTINGS
    --------------
    CN=Abdul Mutallib (Support Account),OU=Support,DC=domain,DC=local
    Last time Group Policy was applied: 8/26/2012 at 5:24:09 PM
    Group Policy was applied from: node2.domain.local
    Group Policy slow link threshold: 500 kbps
    Domain Name: DOMAIN
    Domain Type: Windows 2000

    Applied Group Policy Objects
    -----------------------------
    Default Domain Policy
    Local Group Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
    Remote Assistant and Windows Firewall
    Filtering: Not Applied (Empty)

    The user is a part of the following security groups
    ---------------------------------------------------
    Domain Users
    Everyone
    Node1 $ Acronis Remote Users
    Exchange Enterprise Servers
    BUILTIN\Administrators
    BUILTIN\Users
    BUILTIN\Pre-Windows 2000 Compatible Access
    NT AUTHORITY\INTERACTIVE
    NT AUTHORITY\Authenticated Users
    This Organization
    LOCAL
    Exchange Domain Servers
    Domain Admins
    Group Policy Creator Owners
    SMSMSE Admins
    Schema Admins
    Exchange Services
    Enterprise Admins
    Node1 $ Acronis Remote Users
    Exchange Enterprise Servers

    +
    0 Votes
    wrathyimp

    It looks like the "Default Domain Controller Policy" has the user account as "Act as part of Operating System"

    But not define under "Default Domain Security Settings" or the "Remote Assistant and Windows Firewall" or any other Policies.

    Same goes for the Node1, but the cluster service is working on the Node1, but not working on Node2.