General discussion


secondary logon on domain controller

By dnlemmor

I have edited the Default Domain Policy of our Domain Controller (Windows 2000 Server). On the Computer Settings\User Right Assignment\Log On Locally, I changed the value of the local setting to a domain user account (not a member of the Administrator Group). I did this to enable me to log on to the server (PDC) as a user without administrative privilege, for security reasons. After this, I can no longer log on even as an Administrator; I can only log on using the account that I have assigned to Log On Locally. The problem is that I cannot edit the Default Domain Policy. I can't even create, add and delete GPOs because all of the command buttons of the Group Policy tab are disabled except Properties. I have also disabled the Windows Installer, so I can't install Terminal Services to remotely administer the PDC. I have also tried the Run as service but it doesn't work either. I have successfully installed the adminpak.msi on a workstation (Win2kpro) to remotely administer the PDC. When I try to access Active Directory Users and Computers, an error occurred: "Naming information cannot be located because: The server is not operational. Contact your System Administrator to verify that your domain is properly configured and is currently online."

How can I resolve this problem? And how can I log on as a user without administrative privilege?


secondary logon on domain controller

by d.walker5 In reply to secondary logon on domain ...

It seems you added the Log on Locally user right at the Domain level. Make the change at the Local DC Group Policy level. Everything should work fine.


secondary logon on domain controller

by ewgny In reply to secondary logon on domain ...

Start up in Directory Services Restore Mode.
You can log on with the administrator account and password that you used to DCPromo. You can try to add Authenticated Users temporarily to "log on locally" for the local GP at that point, then reboot and try to log on. Or, in Directory Services Restore Mode, you can do an authoritative restore of Active Directory, if you have a backup from prior to your change. If you have a backup of Sysvol, you can replace the .inf for the Default Domain Controller policy and force replication (a little less drastic than a full AD restore). I can walk you through that procedure if needed. Just post back.
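An added example, not part of either reply above: a check that can be run on a copy of a policy's security template (the .inf mentioned in the last reply) before it is applied or restored, to confirm that the "Log on locally" right still includes Administrators. The function names and the domain SID are constructed for illustration, and the code assumes the template has already been read and decoded to text.

```python
# Added example: flags a [Privilege Rights] section that would lock
# administrators out of interactive (console) logon.
ADMINS = {"s-1-5-32-544", "administrators"}  # well-known BUILTIN\Administrators SID / name

def parse_privilege_rights(inf_text):
    """Return {right_name_lowercase: [principals]} from [Privilege Rights]."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("["):                  # section header
            in_section = line.strip("[] ").lower() == "privilege rights"
            continue
        if in_section and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip().lower()] = [
                p.strip().lstrip("*").lower() for p in value.split(",") if p.strip()]
    return rights

def lockout_findings(inf_text):
    """List reasons this template would block administrator console logon."""
    rights = parse_privilege_rights(inf_text)
    findings = []
    allow = rights.get("seinteractivelogonright")
    # A defined right replaces the whole list, so Administrators must be named.
    if allow is not None and not ADMINS & set(allow):
        findings.append("SeInteractiveLogonRight is defined without Administrators")
    if ADMINS & set(rights.get("sedenyinteractivelogonright", [])):
        findings.append("SeDenyInteractiveLogonRight includes Administrators")
    return findings

# Constructed sample templates; the S-1-5-21-... SID is a made-up domain user.
LOCKED_OUT = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-21-1111111111-2222222222-3333333333-1105
"""
SAFE = """\
[Privilege Rights]
; Administrators keep console logon; the low-privilege account is added beside them
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-1105
"""

if __name__ == "__main__":
    for label, text in (("LOCKED_OUT", LOCKED_OUT), ("SAFE", SAFE)):
        print(label, lockout_findings(text) or "no lockout risk found")
```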
