cant logon to member svr as a member of a group in it's administra

the user account belongs to a group dbadmin( created by me), dbadmin is a
member of the faulty member server's administrator (local group of course)

this user can't logon successfully, either at the server's console or
remotely, after click "login", a cmd prompt says"the command prompt has been
disabled by your administrator", then he was log out automatically.

But, another account, which is a member of both dbadmin and
DomainAdmin(default ad group of course), he can login normally!

I was driven mad! Please give some hints. Thanks!

 

The problem appears to deal with a group policy against certain individuals
but not against the Domain Admin. Perhaps someone setup a login script or
disabled a function against this computer for non-admins. Go to Active
Directory Users and Computers and find the OU that holds the for the member
server and right click select properties and select the group policy tab.
Browse through this and (You could load the group policy management console)
see if you can find any policies that pertain to this setting. You could
also try using the Resultant Set Of Policicies Snap-In and try and determine
the issue.

See if the links are of any help:
http://support.microsoft.com/default.aspx?scid=kb;en-us;887303

http://www.comptechdoc.org/os/windows/win2k/win2kgpolicies.html

http://www.microsoft.com/technet/pr...ons/ccd7b430-99a5-40fd-b68a-6c1979e565a2.mspx

 

check policies that apply to that user either in AD or on the local server

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto #
MVP Windows Server - Directory Services
BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx