Questions

Add User button is grayed out in User Rights Assignment

+
0 Votes
Locked

Add User button is grayed out in User Rights Assignment

wrathyimp
Hi,

I need to add a admin user account to "Act as part of the operating system" policy under:
Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\

But the Add User or Group button is grayed out, so i cannot add the user.

Issue is to start my cluster services on Node 2, as its giving error 1314 A required privilege is not held by client.

But the admin user account is added to Act as part of Operating System in Node 1.
+
0 Votes
OH Smeg

That's fairly important.

Col

+
0 Votes
wrathyimp

Totally missed it.

Windows 2003 SP1

+
0 Votes
wrathyimp

I ran GPResult, and got the following output: (Domain name changed)

Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 8/26/2012 at 5:44:58 PM


RSOP data for DOMAIN\adminmk on NODE2 : Logging Mode
--------------------------------------------------------

OS Type: Microsoft(R) Windows(R) Server 2003, Enterprise Ed
tion
OS Configuration: Additional/Backup Domain Controller
OS Version: 5.2.3790
Terminal Server Mode: Remote Administration
Site Name: Default-First-Site-Name
Roaming Profile:
Local Profile: C:\Documents and Settings\adminmk
Connected over a slow link?: No


COMPUTER SETTINGS
------------------
CN=DOMAIN,OU=Domain Controllers,DC=domain,DC=local
Last time Group Policy was applied: 8/26/2012 at 5:41:20 PM
Group Policy was applied from: node1.domain.local
Group Policy slow link threshold: 500 kbps
Domain Name: DOMAIN
Domain Type: Windows 2000

Applied Group Policy Objects
-----------------------------
Default Domain Controllers Policy
Remote Assistant and Windows Firewall
Default Domain Policy

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)

The computer is a part of the following security groups
-------------------------------------------------------
BUILTIN\Administrators
Everyone
IIS_WPG
Exchange Enterprise Servers
BUILTIN\Pre-Windows 2000 Compatible Access
BUILTIN\Users
Windows Authorization Access Group
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
This Organization
NODE2$
Exchange Domain Servers
Domain Controllers
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
Exchange Enterprise Servers


USER SETTINGS
--------------
CN=Abdul Mutallib (Support Account),OU=Support,DC=domain,DC=local
Last time Group Policy was applied: 8/26/2012 at 5:24:09 PM
Group Policy was applied from: node2.domain.local
Group Policy slow link threshold: 500 kbps
Domain Name: DOMAIN
Domain Type: Windows 2000

Applied Group Policy Objects
-----------------------------
Default Domain Policy
Local Group Policy

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Remote Assistant and Windows Firewall
Filtering: Not Applied (Empty)

The user is a part of the following security groups
---------------------------------------------------
Domain Users
Everyone
Node1 $ Acronis Remote Users
Exchange Enterprise Servers
BUILTIN\Administrators
BUILTIN\Users
BUILTIN\Pre-Windows 2000 Compatible Access
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
Exchange Domain Servers
Domain Admins
Group Policy Creator Owners
SMSMSE Admins
Schema Admins
Exchange Services
Enterprise Admins
Node1 $ Acronis Remote Users
Exchange Enterprise Servers

+
0 Votes
wrathyimp

It looks like the "Default Domain Controller Policy" has the user account as "Act as part of Operating System"

But not define under "Default Domain Security Settings" or the "Remote Assistant and Windows Firewall" or any other Policies.

Same goes for the Node1, but the cluster service is working on the Node1, but not working on Node2.