RE: [ActiveDir] Strange Group Policy Problem

Fri, 28 Feb 2003 18:40:16 -0800

Title: Message
Brad,
 
Interesting.  I'll be watching as this goes on to see what others suggest and what you find.  As to the direct answers:
 
Has anyone heard of local policies changing like that on its own?  Absolutely - No.  Never have seen it.
 
Now, here's the questions:
 
The easiest explanation is that someone inadvertently changed it.  Denial is an easy, thing to do, but hard to accept.  It happens, and we never WANT to blame our co-workers.  It IS the most obvious answer.  What do YOU think?
 
What are you auditing for success, failure that would indicate an access?
 
I'll leave it at that.....   ;o)

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone



 
 
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brad Martin
Sent: Friday, February 28, 2003 3:17 PM
To: Active Directory Mailing List

Ok, I don’t know how this could have happened, but it just seemed to.  We suddenly could not log in locally to many of our servers, we kept getting a local policy didn’t allow access to Log on Locally.  Luckily I had a connection open to one of the servers we couldn’t log into and I quickly looked at the Local Security Policy and it listed one of our users as the only one that could log in locally as the Effective Policy Setting.  I quickly looked at the GPOs that were attached to the OU the machines were in (this was affecting around 10 servers) and there were no GPOs applied to it (or higher up the tree, except the Default Domain Policy which was clean.)  I did a secedit /refreshpolicy on the box and it fixed the problem, suddenly we could log in.  I’ve been pouring through the log files and I can’t see any changes to the local security policy, nor is there anything listed on the DCs where someone had added a GPO to the servers OU (then deleted it).  Nobody who could have changed it claims to have made any changes to the OU.  Basically I’m looking to find out, and I feel foolish even asking this, but has anyone heard of local policies changing like that on its own?  Could it have been some kind of strange Active Directory database corruption that then fixed itself?

 

Brad Martin

Go Daddy Software, Inc.

480.505.8800 ext. 250

[EMAIL PROTECTED]

http://www.godaddy.com

 

 

 

<<image001.gif>>

Reply via email to