can't login as domain user on XP without Domain Users in Local Adm

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - Remote Code Execution What might be a complete and accurate definition for the term- 'Remote Code Execution'? Thanks! Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72924
  - 2
    - Confidentiality of email We are a social service agency which does work for various funders. One of our funders now wants us to transmit our client data to them via email. I'm worried about the confidentiality issues...how real are my concerns? I always understood that email is NOT secure. We have a firewall, virus/spyware aps, etc., and the funder who wants this info is a county agency, but I'm still not convinced. We don't have an internal email system...we have a number of email address through our ISP (DSL). Should I refuse to send the data that way, or document their request and put the responsibility on them? We still feel an obligation to our clients to keep their information secure. Any advice would be appreciated! Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72916
  - 3
    - Microsoft Genuine Advantage cracked Ouch another black eye for MS... http://slashdot.org/article.pl?sid=05/06/22/2221254&from=rss -Im Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72910
  - 4
    - serialization problem for Custom class using WSE 2.0 SP2 I've created class A that includes collection of another class B. I'm trying to use class A with webservice. I've created function that returns class A. When I try to invoke the function in browser it gives me status 500. When I try to use that service with my application it also fails with â??Server was unable to process request. --> There was an error generating the XML document. --> The type Namespacename.A was not expected. Use the XmlInclude or SoapInclude attribute to specify types that are not known statically.â?? error. I am getting this problem while trying to encrypt the response message using WSE 2.0 SP2. Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72908
  - 5
    - Security Updates When I access windows updates and look for installed updates the following shows that the dl failed but they showup under add or remove programs on my computer. KB890859 KB890923 KB893066 KB893086 Anyone have any answers? -- Jim Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72903
  - 6
    - Black Market personal information thriving on the Internet This is what happends when companies do not take security serious. Too many times companies rely on security by obscurity techniques, which never works. Or they they do not push vendors to fix their security immediately. http://www.linuxsecurity.com/content/view/119384 -Imhotep Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72902
  - 7
    - CDP location I have a enterprise root and a enterprise subordinate certificate authorities. Users obtain a cert from the subordinate. I also have ISA 2004, Exchange 2003 (w SP1). My internal server name is server1.domain.com I want to have external users look for the crl at secure.domain.com I have published it in ISA 2004 to do that. I then removed the server1.domain.com http link from the subordinate extensions and put a http link to secure.domain.com in its place. Now external exchange organizations with outlook 2003 cannot verify the CRL. When they view the cert from their machine they can see the CDP, if they copy and paste it to a browser, it opens the crl. Why isn't it automatically working like it did when i left the default location and published it as is through isa? Thanks Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72895
  - 8
    - Monitor (read) network traffice BEFORE it's encrypted? Hi folks, Is there any way to monitor my network traffic before it's encrypted via group policy with IP/Sec? At our organization, we need to encrypt all traffic to satisfy auditors, but we would still like to be able to be able to read the traffic via Ethereal, Etherpeek, etc. if we choose to. I'm wondering if some NIC's may allow this (Intel S series, etc.) before the traffic is encrypted? Also, is there any way as Administrators to be "alerted" if, and when, someone on the wire IS monitoring the traffic??? Suggestions? Thanks, Ed Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72885
  - 9
    - Login without password... Server = Win2K3SvrEE Workstation = Win2KPro Is there any way to allow, from the server, a user to login without a password? I have a user set up with a username, but a blank password. Is this possible? Thanx. Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72883
  - 10
    - 66.221.53.1 why does Microsoft media player 10 phone home? MMP phones home through this address 66.221.53.1. Why is it phoning home? What is it phoning home? Reverse DNS says it's 1-53-221-66.cust.propagation.net. When I link to ip in browser http://66.221.53.1 and the media player is running local content it causes it to disconnect, which is odd behaviour. Just curious, John Dolinka Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72882
  - 11
    - Multi-site / Only 1 DC / Connectivity Loss / Authentication ???? Dear all, I have a multi-site Win2k3 native domain structure which consists of 7 sites (branch offices) but only one DC located in HQ... Sometimes we may experience connectivity problems with the branch offices and during this period clients located in the branch offices have difficulties accessing resources on thier file servers in their LAN... Now the question(s): 1) If I deploy additional DCs on each site, does it solve my client/user authentication/authorization problem? 2) If not, what shall I do? Thx in advance, Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72879
  - 12
    - CA enrollment issues. I'm implementing the 802.11 wireless using Windows. My network consist of 2 forest and one child. In domain A I created a Enterprise CA "its a windows 2003 standard server" and started auto enrolling certificate to computers in domain A and everything is fine. In the other two domains certifiactes arent getting issued. Is CA only domain specific? Can I have one CA to be responsible for the enterprise?I made the same group policy change in domain B and C as I did A. Thoughts? -Michael Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72877
  - 13
    - Login Reports I want to get a report of all of the users currently logged into my Active Directory (Windows 2003 SP1) domain. I also want to know the name of the computer from which every user is currently logged in. How do I do this? Thanks. -- Regards, Ward Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72876
  - 14
    - hotmail - lost password Someone kindly hacked into my daughters hotmail. Changed password & question Emailed hotmail security but it seems account is lost User name the same - can password be found - then changed back to original - then account accessed & new pass & question? Any Ideas please? If account lost can contacts be retrieved? Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72869
  - 15
    - Disallow change password from some computers Is there a way to disallow password changes from certain machines without completely removing a users ability to change their own password? Even just hiding/disabling the "Change Password" button on the Windows Security screen (CTRL-ALT-DEL) would probably suffice. Here's where I'm coming from: we have a large number of users in satellite offices and working out of their homes. They all have laptops that they use for 75% of their work but they're still regularly required to access our Terminal Servers for various reasons. We force users to change password regularly. Every now and then though one of the remote users will change the password VIA the terminal server - which updates it on the corporate LAN but leaves their laptop out of synch. Invariably they then end up locking themselves out. Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72858
  - 16
    - MS targeting BitTorret? http://it.slashdot.org/article.pl?sid=05/06/21/173237&from=rss -Im Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72857
  - 17
    - UrlAllowList does not work for UNC paths on Windows 2000 Pro I have followed the instructions found in http://support.microsoft.com/kb/896054 under 'method 1 Modify the ItssRestrictions registry entry to enable a specific Web application' and it seems to work for Windows XP when the CHM file lives on a network resource being accessed by either a Mapped Drive or UNC path. It also seems to work for Windows 2000 only if the CHM is accessed using a mapped drive. It does not work for Windows 2000 if the CHM file is accessed using a UNC path. The only way I can access a CHM from a network resource using a UNC path on Windows 2000 is by using 'Method 2 Modify the ItssRestrictions registry entry to enable a specific security zone'. I would prefer to use method 1 for Windows 2000 since it's more secure, does anyone know if this is possibile. Thanks! Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72855
  - 18
    - Windows 2000 server hacked I have a Windows 2000 server that was hacked. The OS partition is on a 4 gig drive. The OS and profiles take up about 1.5 gig. When I look at the drive properties, it says I only have 80 mb free. That means someone is storing almost 3 gig of stuff on my omputer. I have used every tool and command line I can to find the data, but nothing will read the directory structure. All attempts come back displaying just the data that was original to the system. The hackers must have done something to the system to hide" their data from anything that reads NTFS. I also cannot empty my recycle bin. It tells me that one of the folders is not empty. When I look at that folder nothing is in it. Does anyone have an idea on how to access this data so I can find it and delete it from my system. As of now, I am looking at the format/reload method, but I would rather not do that. Thanks in advance. Rick Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72854
  - 19
    - ZoneAlarm Configuration Help ZA free version 5.5.094.000 (latest/current) on XP Home and W98SE Under Firewall Zones there is an entry for the Adapter Subnet that is apparently present by default 192.168.1.102. Also apparently by default it is set to the internet zone. If I understand correctly I was supposed to enter a range of IPs for my local workgroup 192.168.1.100-192.168.1.150 and set it to trusted; I did that. These IPs are assinged by DHCP from my Belkin wireless router which I set to assign starting at 192.168.1.100. Also I set the Belkin to have the IP/gateway address 192.168.1.77. Why is 192.168.1.102 for the local Adapter set to internet; it's a 3c905? It is possible to change it to trusted. Which is right? Currently 192.168.1.102 is both set to internet zone by the Adapter Subnet line and by the range line for the local workgroup which is set to trusted. What is the zone for 192.168.1.102 internet or trusted? Does the order a line appears in the zone list make any difference? So do I need to add a ZA zone entry 192.168.1.77 and set it to the internet zone? Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72851
  - 20
    - Computer in a Workgroup Access in a Domain Setting I noticed that when a new computer is being built [Windows 2000, Windows XP or even a Windows 2003], and before it is added to the domain, it can access resources on a file server [a Windows 2000 server]. The domain is Windows 2003 functional. How can that be tightened down? Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72846
  - 21
    - Windows Spyware Beta Does anyone have some comments regarding the Windows Spyware Beta download. I wanted to get some feedback before downloading. I want to get the good and bad side to help me to decide. Thank you in advance. -- gjm Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72840
  - 22
    - signing in My cousin and I both sign in on this computer and as soon as we get on the main internet it signs me in. Mostly because i accidentally checked the sign in automatically box. I want to have nobody signed in automatically. How do i do that?? Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72839
  - 23
    - Password on messanger I want to have my msn messanger password protected. I want it to ask for my password every time I want to sign in. Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72836
  - 24
    - licensing Is there any licensing sofware that microsoft supply so such as a software asset management type of software for a company so it can be managed internally. If so could you please direct me to the link to find this. kind Regards Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72833
  - 25
    - automatic log off of user after idle time Is there a way to configure Windows XP so that I am automatically logged off if I'm not at my computer for 5 or 10 min? I was able to set one comptuer this way, but I can't set this other computer. -- Laura, newbie Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72831
- Next
  - 1
    - MS05-025 for NT4 with IE6 SP1 Anyone know if there is a patch for IE6-SP1 in NT4 other than IE6.0sp1-KB883939-SMS-Deploy-KB899950-x86-ENU.EXE? This patch apparently runs properly however MBSA keeps alerting to the fact that the patch is missing... Can I conclude that in fact there is no way of patching NT4 in order to address MS05-025? Any help into this matter would be appreciated. Thanks JCO Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72826
  - 2
    - Security problems using XP SP2 I've got a service running as Local System account that calls CreateProcessWithLogonW to run a script as a certain administrator account. Like so: STARTUPINFOW si; PROCESS_INFORMATION pi; ZeroMemory( &si, sizeof(si) ); si.cb = sizeof(si); ZeroMemory( &pi, sizeof(pi) ); CreateProcessWithLogonW( L"admin", // username NULL, // domain L"admin", // password 0, // logon flags NULL, // No application name (use command line) &command[0], // command line 0, // No creation flags. NULL, // Use parent's environment block. NULL, // Use parent's starting directory. &si, // Pointer to STARTUPINFO structure. &pi ) // Pointer to PROCESS_INFORMATION structure. ) This worked fine until Service Pack 2 was installed, now the call fails with 'Access is denied'. However, if i change the service to run as the same 'admin' account used in the Create.. call there is no problem. I'd rather not have to do this. Anyone else had similar problems and know of a better (proper) solution?? Thanks in advance Paul Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72821
  - 3
    - How to make my portable drive accessible to my account only on two Windows XP SP2? Hello How to make my portable drive accessible to my account only at my work and home Windows XP SP2 computers? My work Windows XP SP2 computer is in a domain. Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72807
  - 4
    - CA autoenroll i am responsible of a network which is described as follows: 4 sites, (1,2,3,4) site (1) is center of replicatin to sites (2,3,4), while it have a high speed wan to site (2), the wan connection to sites (3,4) is some how slow with high latency. which forced me to use smtp site links as replication failed using IP site links, which lead me to install an enterprise CA, i did it before and everything was working ok, this time i face an autoenrollment access denied error which i fear will result in a problem in smtp replication. do i have a work around for this error? & what might be causing it? i know it might seem an Active directory question but it is replication is working ok between site (1,2) and also i got CA issuing cert's for basic EFS, the Root DC, & a Win XP computer, but i don't know why it isnot issuing for the other DC's? help is grealty appeciated as i have two sites (3,4) not replicating to root DC, thanks -- Eng. M William -- Eng. M William Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72802
  - 5
    - Wallpaper Changed And Disabled Hi. This is my first time writing in here because I have never had anything this severe happen to me before. To begin I do have and always have had running Microsoft AntiSpyware and AVG AntiVirus. So it suprised me how this problem occured. Here's how it begins. I leave my computer on over night with active internet connection downloading the Battlefield 2 demo :) I wake up next morning to check the game out only to find my wallpaper has been changed to "System Stopped" and some annoying antispyware program that keeps popping up called "SpySherriff" that I never downloaded before in my life. The really mest up part is that when I try to change my wallpaper back to normal going under Display Properties and Desktop everything is all grayed out and I can't change or click anything. I ran virus checks and spyware checks with my programs. But found nothing! If you guys have any help to offer please please please let me know. Thanks. Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72797
  - 6
    - How can you send 'malware' over port 443 to mywebserver ? Often I hear people saying that one of the benefits of an application layer firewall (let's say ISA 2004) is that SSL traffic can be unencrypted, scanned and then re-encrypted and sent to the respective webserver. My question is this: What's the mechanism that could allow somebody to send, let's say a virus or a malware over port 443 that could hurt my OWA server, for example ? Since people is retrieving data from such web server (that is now protected by ISA), I don't understand well the process that you could use to submit data over this SSL tunnel and hit the webserver that way. Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72793
  - 7
    - Check if specific updates are installed Hello, Does some know some specific tool that can I check if 2 critical updates are installed on my workstations? How can I get this information from my OS? For example: I have to check if the patch MS05-0XX are installed in all my workstations (about 200 computers), I have the hostname of these computers. The idea is create some .bat file that can get each hostname and it do the checkup, it will generate a file that I can be able to import in MS Excel to generate the report. The OS installed on my computers are WIN2K and WINXP. Obs.: I don't have the SMS; MBSA check all patchs, I just want to check if 1 or 2 are installed. Thanks in advanced, -- Filipe Lussana Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72792
  - 8
    - On-demand video won't work for me From: Thomas L. Jones, Ph.D., Computer Science The subject of this complaint is an on-demand video located at: http://www.microsoft.com/events/series/securityexperts.mspx#TechNet%20Webcasts You may have to take steps to work around a problem caused by the line break. I must say, it is difficult indeed to "demand" this video. I was already registered for Passport, but soon the software started asking me this, and asking me that. Finally, it asked me for my name, absolutely the last thing a program ever asks in a computer context. I mean, what is my name? Thomas Jones? Thomas L Jones? Thomas L. Jones? Dr. Thomas Jones, etc., etc. Then I was forced to change browsers. If the webcasts are Internet Explorer only, please say so at the top level. And get this: The videos are seemingly that d--- broadband only content, UNLABELED broadband only content. Finally, having tried for more than an hour, I gave up, cussing. Thomas L. Jones, Ph.D., curmudgeon Member, Society for the Abolition of Unlabeled Broadband-only Content DrJones6txnospamyq@alum.MIT.edu Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72788
  - 9
    - Cant get rid of W32.Sober.O@mm I have norton anti +++ on my pc. tried the tool provided by Symantec / Norton + Mcafee (stinger). Still i cant get rid of this god damn worm. Can anyone give me a simplified version of what it does. How to get it out of my system. Regards Timmy Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72781
  - 10
    - Problems logging out of Passport OK, I have been having repeated inability to log out of hotmail, by clicking "signout." It produces a screen that displays a red "x" next to hotmail meaning it was unable to log out. I have a suspicion that my account may have been co-opted by someone, as my computer has alerted that the certificate is not recognized and i received an email from an acquantaince that suggested I had sent them something I know I hadn't. Any ideas? Thanks. Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72779
  - 11
    - mass storage device I have a flash USB 2 memory stick which was working perfectly. It now thinks it is a security device (not a mass storage device) and the computer (or any computer) can't open it - any suggestions what I've done or how I can access the valuable data on the stick Thanks Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72770
  - 12
    - Smart Card based Logon & User ID and Password Hello group, Regarding Smart Card based logon, all of the documention I'm reading indicates that in order for this to work, the username field in AD must contain the EID number off of the Smart Card. My question is, is there a way to maintain the username field as an actual name instead of an IED? -- Nestor L. Cabrera Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72753
  - 13
    - Firewall and Group Policy Hello: I currently have disabled MS firewall on LAN connections and enabled on Wireless and Dialup not allowing file and print sharing or remote desktop/assistance. For my users it is more important to keep them secure when not on our LAN which has a nice hardware firewall to protect them. I have been toying with the idea of enabling the firewall on XP machines and maybe 2003 servers through Group Policy allowing the exceptions necessary for me to remotely administer the services, update virus software, install patches, etc. My concern is Windows firewall does not allow exception for each individual connection, seems it is a one for all configuration. If you have Group Policy firewall connections will they also be applied when the user is not physically connected to the domain? Even if they sign onto domain using cached credentials? Needless to say it is more important to protect my laptops over unsupervised wireless and dialup connections than on our protected LAN. It would be a nice improvement to MS firewall to allow different exceptions for each connection. Thanks, Cindy Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72752
  - 14
    - Do not have permission to view or edit permission settings for a folder Hello I get "You do not have permission to view or edit the current permission settings for (folder name), but you can change auditing settings." I how to regain access to this folder? This happened because I mistakenly removed every account except "CREATOR OWNER" and my account at work "äÍÉÔÒÉÊ ëÏÐÎÉÞÅ× (Kopnichev@clearing.ru)" from my portable HDD Security Properties and changed the owner to "äÍÉÔÒÉÊ ëÏÐÎÉÞÅ× (Kopnichev@clearing.ru)". Please, Help! Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72737
  - 15
    - Access is denied to some my folders. How to regain access? Hello I mistakenly removed every account except "CREATOR OWNER" and my account at work "äÍÉÔÒÉÊ ëÏÐÎÉÞÅ× (Kopnichev@clearing.ru)" from my portable HDD Security Properties, and access to some folders on my portable HDD became denied. How to regain the access to all my HDD folders? Thanks. Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72733
  - 16
    - Will I have full control over my portable HDD at home computer? Hello My portable HDD Security Properties contain "CREATOR OWNER" and my account at work "äÍÉÔÒÉÊ ëÏÐÎÉÞÅ× (Kopnichev@clearing.ru)". Will I have full control over my portable HDD at home computer? How to make sure that I will have full control over my portable HDD at home computer? Thanks. Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72726
  - 17
    - anti virus I downloaded virus protection software "AntiVir" because my NAV (Norton) did not catch some Trojans and Backdoors (I have current definitions). The "AntiVir" detects all any idea why? Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72722
  - 18
    - MS05-25 Security Update Am expieriencing a problem with systems that have loaded this security update. It affects their ability to open document library folders in a web folders view on a sharepoint server. Has anyone else seen this and if so is there a fix? Thanks Kurt Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72711
  - 19
    - Certificate Authority type I was brought into an environment without good documentation and am trying to figure out what types of CA's are present. I have 2 servers (both domain controllers). One is a Root Certificate authority, the other is a subordinate. I'm trying to determine if they are enterprise, or standalone. Is there someway I can tell which it is? I can't find it in the MMC. Is there a registry key that would tell me what kind it is? I would assume they are enterprise but the previous admin wasn't very good and left on bad terms so I can't ask and can't afford to assume. Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72709
  - 20
    - Using delegation to grant dc event log access Does anyone know if there are delegation options available that would allow you to give a group Read access to domain controller event logs? Either a single dc or all of them in a domain. Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72702
  - 21
    - Service Account Certficates Hello Everyone, I have issued a certificate to a Service Account's certificate store. Does anyone know how to turn on certificate authentication for service accounts? Is it a registry change or local security setting or something else? thanks, Terence Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72701
  - 22
    - what type of certificate authority? I was brought into an environment without good documentation and am trying to figure out what types of CA's are present. I have 2 servers (both domain controllers). One is a Root Certificate authority, the other is a subordinate. I'm trying to determine if they are enterprise, or standalone. Is there someway I can tell which it is? I can't find it in the MMC. Is there a registry key that would tell me what kind it is? I would assume they are enterprise but the previous admin wasn't very good and left on bad terms so I can't ask and can't afford to assume. Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72700
  - 23
    - webserver + file&print sharing enabled In my organization we have a Win2003+IIS6.0 server with a website available on the Internet. Such webserver resides in the internal network. File & Print Sharing for MS Networks is enabled on this box. We have internal users that access this server via UNC path and update the website there by dumping content to the \\myserver\share-iis. Question is this, if I use a reverse proxy (ISA 2004) to publish such website that resides on this Win2003 server, do you consider it is alright leaving this box as is ? I mean, leave it with access via NetBIOS (F&P sharing) enabled so that people can use from the internal network ? Or it would be considerably more secure work setting up a staging server and leave this box only as a webserver ? Then put a tool on the Webserver that could upload content from the 'staging' server ? The point is here is this, do you think the fact I am publishing this via ISA 2004 (or any similar product) makes this secure enough to keep File & Print sharing turned on ? Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72699
  - 24
    - Automatically updated? I have XPHome, SP3. I have my PC set to automatically download and install updates. The only problem I have with this is that I don't know how to tell if all updates have in fact been installed. I'm assuming that the automatic updates also include the update put out monthly. How do I find out if all everything is in fact up to date? Thanks for any advice. Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72697
  - 25
    - File Permission Issue I'm having an interesting issue with file/folder permissions. I create a folder on a share drive and populate it with files. When I go back to the security tab, it tells me that I only have permission to view the security of the files even though Everyone/Full control is the permission setting and I am the owner of the folder. Any thoughts? Thanks Dan Tag: can't login as domain user on XP without Domain Users in Local Adm Tag: 72694

Can somebody give me an idea of where I should look to fix this? The problem
is currently Domain Users are added to the Administrators group on the local
XP Pro SP 2 workstation and we would like to remove them and have them from
from the Local Users group. However, when I do this if we try to logon a
domain users to the domain on the workstation, it says that the user is not
allowed to log on interactively and refuses logon.

I've checked the domain controller policy and domain policy to make sure
they are not added to the disallow local logon entry.

This is a Windows Standard 2003 SP1 server.

Top

Re: can't login as domain user on XP without Domain Users in Local Adm by Roger

Roger
Thu Jun 23 13:06:16 CDT 2005

The machine's local policy does not recognize the account as having
granted to it the User Right to Log on locally.
This is needed. Also, an account will not successfully log into an
XP machine at the console for an interactive sessions if it is not a
member of that machine's Users group (one way or another).
You could 1) make sure that the proper accounts are granted
the Log on locally User Right at each respective machine, and 2)
add the proper accounts to the machine's Users group or add
INTERACTIVE to it

--
Roger Abell
Microsoft MVP (Windows Security)

"Jesse C" <JesseC@discussions.microsoft.com> wrote in message
news:5CF20647-6CC6-4B5A-8070-1D6769C450C2@microsoft.com...
> Can somebody give me an idea of where I should look to fix this? The
problem
> is currently Domain Users are added to the Administrators group on the
local
> XP Pro SP 2 workstation and we would like to remove them and have them
from
> from the Local Users group. However, when I do this if we try to logon a
> domain users to the domain on the workstation, it says that the user is
not
> allowed to log on interactively and refuses logon.
>
> I've checked the domain controller policy and domain policy to make sure
> they are not added to the disallow local logon entry.
>
> This is a Windows Standard 2003 SP1 server.

Top