Logon Locally No Longer Appears in Logon Choices on Domain Controller VIA Remote Desktop

Discussion in 'Windows Server' started by yukon727, Jul 21, 2008.

  1. yukon727

    yukon727 Guest

    Hi All,
    I have noticed that the ability to logon locally to any of our domain
    controllers (windows 2003 native) is no longer available via remote desktop.
    Has anyone else run into this issue?
    Thank You,
    yukon727
     
    yukon727, Jul 21, 2008
    #1
    1. Advertisements

  2. Hello yukon727,

    If it was possible before, find the changes done in your GPO's about "Allow
    logon locally". What account are you using and what is the complete error
    message you get when your try it?

    Best regards

    Meinolf Weber
     
    Meinolf Weber, Jul 22, 2008
    #2
    1. Advertisements

  3. yukon727

    Dave Patrick Guest

    This is expected. When you made them domain controllers the local accounts
    databases are removed.



    --

    Regards,

    Dave Patrick ....Please no email replies - reply in newsgroup.
    Microsoft Certified Professional
    Microsoft MVP [Windows]
    http://www.microsoft.com/protect
     
    Dave Patrick, Jul 22, 2008
    #3
  4. Hello Dave,

    Thought that he means to logon to the DC via RDP is not possible any longer.
    Ofcourse you are right, that logon to the local computer is not longer available.

    Best regards

    Meinolf Weber

     
    Meinolf Weber, Jul 22, 2008
    #4
  5. yukon727

    yukon727 Guest

    Hi Meinolf,
    We are using Domain accounts to access the servers locally and the Domain
    Admins group is a member of the local admins on the DC's.
    This problem was reported by another DA and after researching the issue I
    think I know what happened.
    When a server is promoted to a DC the logon locally option is removed from
    the logon dropdown.
    What I think happened in our case was that somehow the "Default Domain" was
    not selected in the dropdown by default and this showed the empty white
    space in the logon to field.
    I used GPO to implement the following defaultdomain.adm file, link it to the
    domain and ensure that the default domain is always selected.

    CLASS MACHINE
    CATEGORY !!Logon
    CATEGORY "Logon Settings"
    KEYNAME "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
    POLICY "Default Domain"
    PART "Default Domain" EDITTEXT
    VALUENAME "DefaultDomainName"
    END PART
    END POLICY
    END CATEGORY
    END CATEGORY
    [strings]
    Logon="Default domain selection"

    Thank You for your help,
    Shawn
     
    yukon727, Jul 22, 2008
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.