Not authorized to logon to Domain from this PC - error message

We are migrating some special, secured, PCs to a new Active Directory Domain.

A central IT technician was dispatched to lock down the PC and verify the PCs Information
Assurance level.

In the process Domain Users get (not exact quote) "Not authorized to logon to Domain from
this PC" as an error message when attempting a logon.

Only Domain Admins. can logon.

Any advice ?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Roger
Wed Mar 05 08:19:34 CST 2008

In a machine's local security policy (or controlled by GPO but still
showing with gpedit) are user rights, including the user right to
Log on locally and a Deny logon locally.
Normally a domain joined machine has Users granted local logon,
and has Domain Users, Interactive, and Authenticated Users as
members of Users.
It sounds like something was broken in that linkage (good, as it
is needed to secure a machine from broad access) but was not
replaced with the needed.
For example, if domain\SpecialUsers need access, then that group
needs local login right either directly or more likely by being in
the machine's Users group which same is local logon.

Roger

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:%234CfrHkfIHA.5208@TK2MSFTNGP04.phx.gbl...
> We are migrating some special, secured, PCs to a new Active Directory
> Domain.
>
> A central IT technician was dispatched to lock down the PC and verify the
> PCs Information
> Assurance level.
>
> In the process Domain Users get (not exact quote) "Not authorized to logon
> to Domain from
> this PC" as an error message when attempting a logon.
>
> Only Domain Admins. can logon.
>
> Any advice ?
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
>

Kerry
Wed Mar 05 08:35:16 CST 2008

How were the PCs locked down? Group policy? Look for the "Allow logon
locally" setting under

Computer configuration => Windows settings => Local policies => User rights
assignments

This would give a slightly different error message though so it may not be
the answer.

--
Kerry Brown
Microsoft MVP - Windows Desktop Experience
http://www.vistahelp.ca/phpBB2/



"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:%234CfrHkfIHA.5208@TK2MSFTNGP04.phx.gbl...
> We are migrating some special, secured, PCs to a new Active Directory
> Domain.
>
> A central IT technician was dispatched to lock down the PC and verify the
> PCs Information
> Assurance level.
>
> In the process Domain Users get (not exact quote) "Not authorized to logon
> to Domain from
> this PC" as an error message when attempting a logon.
>
> Only Domain Admins. can logon.
>
> Any advice ?
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
>

David
Wed Mar 05 15:07:44 CST 2008

From: "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m>

| How were the PCs locked down? Group policy? Look for the "Allow logon
| locally" setting under
|
| Computer configuration => Windows settings => Local policies => User rights
| assignments
|
| This would give a slightly different error message though so it may not be
| the answer.
|

Thanx Kerry & Roger:

Apparently Registry settings were modified for local policies such that if the Security Log
was full only an administrator could logon. They remotely pulled the security Log but did
not change the settings to allow Domain Users to logon through the Domain.

By 3:40 pm, the issue was resolved. However I had to deal with cranky users unable to
access that Domain from that PC.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp