|
server
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Logon issue in a 2 domain trust - Win 2003Hello,
I have two Windows 2003 DCs. named them as below for example: DC1: abc.com DC2: xyz.com Trust between the two has been created (Two way) and that went through fine. however the problem is this I'm trying to log into DC1 (abc.com) with a user created in (xyz.com) the domain is shown in the drop down section when trying to login. however after trying the credentials this is the error I get "The local policy of this system does not permit you to logon interactively" I have search around for that error message and tried almost all solutions mentioned but doesn't seem to work. any ideas would be much appreciated. -- kgangulw ------------------------------------------------------------------------ kgangulw's Profile: http://forums.techarena.in/members/83749.htm View this thread: http://forums.techarena.in/active-directory/1144590.htmhttp://forums.techarena.in What solutions have you tried? It is kind of hard to help you if you don't
provide all the details. Check the local policy of your machine as well as the domain policy to see if there is anything set in either the deny or allow for "Allow log on locally". GPO Edit Computer Configuration \ Windows Settings \ Security Settings \ Local Policies \ User Rights Assignments \ Allow Log on locally -- Show quoteHide quotePaul Bergson MVP - Directory Services MCTS, MCT, MCSE, MCSA, Security+, BS CSci 2008, 2003, 2000 (Early Achiever), NT4 http://www.pbbergs.com Please no e-mails, any questions should be posted in the NewsGroup This posting is provided "AS IS" with no warranties, and confers no rights. "kgangulw" <kgangulw.3pcdrd@DoNotSpam.com> wrote in message news:kgangulw.3pcdrd@DoNotSpam.com... > > Hello, > > I have two Windows 2003 DCs. named them as below for example: > > DC1: abc.com > DC2: xyz.com > > Trust between the two has been created (Two way) and that went through > fine. > > however the problem is this > I'm trying to log into DC1 (abc.com) with a user created in (xyz.com) > > the domain is shown in the drop down section when trying to login. > however after trying the credentials this is the error I get > > "The local policy of this system does not permit you to logon > interactively" > > I have search around for that error message and tried almost all > solutions mentioned but doesn't seem to work. any ideas would be much > appreciated. > > > -- > kgangulw > ------------------------------------------------------------------------ > kgangulw's Profile: http://forums.techarena.in/members/83749.htm > View this thread: http://forums.techarena.in/active-directory/1144590.htm > > http://forums.techarena.in > In news:kgangulw.3pcdrd@DoNotSpam.com, kgangulw <kgangulw.3pcdrd@DoNotSpam.com>, posted the following:Show quoteHide quote > Hello, In addition to Paul's questions, and yes, more info would be helpful, but > > I have two Windows 2003 DCs. named them as below for example: > > DC1: abc.com > DC2: xyz.com > > Trust between the two has been created (Two way) and that went through > fine. > > however the problem is this > I'm trying to log into DC1 (abc.com) with a user created in (xyz.com) > > the domain is shown in the drop down section when trying to login. > however after trying the credentials this is the error I get > > "The local policy of this system does not permit you to logon > interactively" > > I have search around for that error message and tried almost all > solutions mentioned but doesn't seem to work. any ideas would be much > appreciated. have you added the Domain Admins of abc to Local Admins of xyx, Domain users of abc to Local Domain Users of xyz, and vice versa? Trusts establish communications, but it doesn;t stop there. There are additional steps needed to be done for further tasks to be accomplished from one domain to the other. -- Ace This posting is provided "AS-IS" with no warranties or guarantees and confers no rights. Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT Microsoft Certified Trainer ace***@mvps.RemoveThisPart.org For urgent issues, you may want to contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers. Thanks for the guidance everyone. I didn't realize there was a group
policy apart from the Default Group policy for Domain Controllers. Soon
as I changed the relevant settings it worked.
Thanks :) -- kgangulw ------------------------------------------------------------------------ kgangulw's Profile: http://forums.techarena.in/members/83749.htm View this thread: http://forums.techarena.in/active-directory/1144590.htmhttp://forums.techarena.in In news:kgangulw.3pdrrd@DoNotSpam.com, kgangulw <kgangulw.3pdrrd@DoNotSpam.com>, posted the following:> Thanks for the guidance everyone. I didn't realize there was a group Group policy? Curious, what settings did you change to make it work?> policy apart from the Default Group policy for Domain Controllers. > Soon as I changed the relevant settings it worked. > > Thanks :) Ace 'Ace Fekay [Microsoft Certified Trainer Wrote:
> ;4314266']In news:kgangulw.3pdrrd@DoNotSpam.com, Hi, this is the change I made. > kgangulw <kgangulw.3pdrrd@DoNotSpam.com>, posted the following: > > Thanks for the guidance everyone. I didn't realize there was a group > > policy apart from the Default Group policy for Domain Controllers. > > Soon as I changed the relevant settings it worked. > > > > Thanks :) > > Group policy? Curious, what settings did you change to make it work? > > Ace Computer Configuration \ Windows Settings \ Security Settings \ Local Policies \ User Rights Assignments \ Allow Log on locally in here I added groups from the other domain -- kgangulw ------------------------------------------------------------------------ kgangulw's Profile: http://forums.techarena.in/members/83749.htm View this thread: http://forums.techarena.in/active-directory/1144590.htmhttp://forums.techarena.in In news:kgangulw.3pdxbc@DoNotSpam.com, kgangulw <kgangulw.3pdxbc@DoNotSpam.com>, posted the following:> Hi, this is the change I made. Thanks for posting that! It may help others in the future how may have a > > Computer Configuration \ Windows Settings \ Security Settings \ Local > Policies \ User Rights Assignments \ Allow Log on locally > > in here I added groups from the other domain similar question, and when they search, hopefully they will find our thread1 Cheers! Ace  
Thread options
Other interesting topics
What am I missing?
Domain Trust issue problem reading gpt.ini Kerberos Tickets Renewal Infrastructure FSMO role owner attibute not correct in root domain How to Switch domains without having admin rights? problem with NIS and AD user attributes Problem After Defining Static RPC Port Folder Redirection Run Amok IE7 Trusted Sites Disabled |
|||||||||||||||||||||||
