roguecoolmanMemberFeb 16, 2007 at 4:09 pm #121441
I have this strange problem and i’m not sure what the root cause is.
We have 2000 ad accounts on server 2003. We run windows xp sp2 clients. This is the first time this has happened.
I’ve seen a user try to log into a workstation (not remotely but interactively) and he gets:
“Your Interactive log on privilege has been disabled”
I then login with a user account with the same privileges as him and it works. i log on as local admin and it works. I get him to login again aftwards, it works. (no reboot).
i don’t understand why this is. So far it’s happened to a few users only. we run labs, so all the machines are indentical.
they are all in the same ou so all the same gpo’s are applied
all user accounts are in the same ou so they get all the same gpo’s applied.
As far as i can see from the security logs i see,
evt 529’s :unknown user name or bad passwords,
It’s not the username and a bad password wouldn’t generate the “Your Interactive log on privilege has been disabled” message.
the only i’ve done recently was:
1. admodify tool to mass set the “deny this user permission to log on to any terminal server” – since my users are loging in interactively i don’t see how this is the problem.
2. I’ve been doing some manual software updates by RDP’ing into the machines, but i always log out.
this has got me stump by the message. I don’t see anything on the user’s account setting and the work station does log people in, just not all users.
right now there’s very little people being affected and i want to head this off before it becomes a huge issue.
so far the one solution is to log into the workstation as administator first or another user account. Log out and the workstation is fine.
You must be logged in to reply to this topic.