A colleague called me yesterday evening and told me about a problem he encountered at a client site where he was doing a server deployment. After installing Server 2008 and joining it to an existing domain, he could not access the server from a client system even though the user account was a pre-existing administrator's account.
My Solution
He needs to find out which groups the user in question belongs to and what policies are in place for those groups.
1. A quick way to find out is to start the server and run dsa.msc. This will open Active Directory Users and Computers.
2. Click on the Users folder under the domain. This should list all the user groups (if users have been added to groups); otherwise the users will simply be listed.
3. Right-click on the user account and click on Properties.
4. In the User Property dialog box, Member Of is one of the tabs. Click on it to display all the groups the user belongs to.
5. Write down all the groups the user belongs to and move on to the next step.
6. Open the Run function from the Start menu and type gpmc.msc. This will open the Group Policy settings.
7. Click on the Forest >> Domain >> Domain you are working in
8. Right-click on the Default Domain Policy and click Edit.
9. Under Computer Configuration, click on Policies >> Windows Settings >> Security Settings
10. Click on Local Policies >> User Rights
This should open all the User Right Policies that have been defined. You might need to go through each one to see which policies have been defined for the groups your user belongs to, or for the user himself.
Pay particular attention to Allow log on locally and Deny log on locally.
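
The same check can be scripted on the affected server. The PowerShell below is an added example, not part of the original post: it compares the account's group SIDs with the holders of Allow log on locally (SeInteractiveLogonRight) and Deny log on locally (SeDenyInteractiveLogonRight). The account name is a placeholder, and the script assumes an elevated prompt on a domain-joined server.

```powershell
# Added example (not from the original post). Run elevated on the affected server.
param([string]$UserName = 'jdoe@example.local')   # assumption: placeholder UPN

# Dump the user rights currently in effect on this machine to a temp file.
$inf = Join-Path $env:TEMP 'user_rights.inf'
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null

# SIDs of the account and of every group in its logon token (the "Member Of"
# list, nested groups included).
$id   = New-Object System.Security.Principal.WindowsIdentity($UserName)
$sids = @($id.User.Value) + @($id.Groups | ForEach-Object { $_.Value })

# Return the SIDs that hold one user right in the exported file.
function Get-RightHolders([string]$Path, [string]$Right) {
    $line = Get-Content $Path | Where-Object { $_ -match "^\s*$Right\s*=" }
    if (-not $line) { return @() }                      # right not defined
    ($line -split '=', 2)[1].Split(',') | ForEach-Object {
        $e = $_.Trim()
        if ($e.StartsWith('*')) { $e.Substring(1) }     # "*S-1-5-..." is a SID
        elseif ($e) {                                   # plain account name
            try { (New-Object System.Security.Principal.NTAccount($e)).Translate(
                      [System.Security.Principal.SecurityIdentifier]).Value }
            catch { $e }                                # keep unresolved names
        }
    }
}

# Turn a SID back into DOMAIN\name for the report; fall back to the raw value.
function Resolve-Name([string]$Sid) {
    try { (New-Object System.Security.Principal.SecurityIdentifier($Sid)).Translate(
              [System.Security.Principal.NTAccount]).Value }
    catch { $Sid }
}

$allow = @(Get-RightHolders $inf 'SeInteractiveLogonRight' |
           Where-Object { $sids -contains $_ })
$deny  = @(Get-RightHolders $inf 'SeDenyInteractiveLogonRight' |
           Where-Object { $sids -contains $_ })

'Allow log on locally matched: ' + (($allow | ForEach-Object { Resolve-Name $_ }) -join ', ')
'Deny log on locally matched:  ' + (($deny  | ForEach-Object { Resolve-Name $_ }) -join ', ')

if ($deny.Count)      { 'Result: denied (a deny entry overrides any allow).' }
elseif ($allow.Count) { 'Result: allowed.' }
else                  { 'Result: not granted to the account or any of its groups.' }

Remove-Item $inf
```

Because the export reflects what is applied on that machine, run `gpupdate /force` first if the policy was changed recently.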
I hope this will solve the problem.