General discussion


Allow Log on Locally is greyed out

By russellrl2 ·
I have exchange 2003 on a windows 2003 server with SP1. I use Veritas ExecBackup on another server to do weekly backups. I cannot open the mailboxes to do a backup. Since the exchange server has a limited role in AD it has access to AD users and computers and it does not allow one to add a user to the Allow log on locally in Local Security Settings (Add is greyed out). When I open a user's profile and look at the permissions for mailbox rights the veritas has ALLOW and DENY for Full Mailbox Access. I have yet to figure out where the DENY statement is coming from. Any ideas?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by CG IT In reply to Allow Log on Locally is g ...

someone applied the user rights assignment deny log on locally to domain users. That means whoever did it doesn't want anyone logging on via the local machine account. This is configurable with either a security template or Group Policy. To view this policy for Windows XP, click start, navigate control panel, admin tools,local security policy, user rights assignment. Scroll down to find deny log on locally.

Collapse -

by CG IT In reply to

note: I used Windows XP as an example of where the deny log on locally configuration is. If you run Windows XP, use the navigation path to view the local machine policy. This local machine policy is the same as on a Windows Server. The processing of policy is in this order: local, site, domain, and OU unless the no override is applied. obviously whoever set the security policy did this either domain wide or via an OU.

Collapse -

by russellrl2 In reply to

Poster rated this answer.

Collapse -

by russellrl2 In reply to Allow Log on Locally is g ...

This question was closed by the author

Related Discussions

Related Forums