|
Question : Can NOT login with Domain Account
|
|
Domain controller -
windows 2003 small business second server is the old NT with our mission critical Database on it.
Get error can not log on interactively but it is at the LOCAL machine We are DOWN.
I tried RESOLUTION To correct this problem and provide local access when connected to the domain, do the following:
Log off the domain and log on to the local computer using an account with administrative rights. Go to the Administrative Tools group, select User Manager, click the Policies tab, and select User Rights. Use the down arrow next to the "Right" dialog box and select "Log on locally", and then click Add. The Add Users and Groups dialog box is displayed. In "List Names From:" select the domain name, and then in the Add Names box type your . Click OK. The User Rights Policy dialog box is displayed with the new user name added to the list. Click OK. Log off and back on. At the Welcome dialog box, select the domain and log on. You now have local logon access rights.
PLEASE HELP I would assign a BILLION points if I could :)
|
Answer : Can NOT login with Domain Account
|
|
Let me see if I can provide you with the ammo to get this resolved:
In active directory Users and computers, select the computer for the NT4 server. If not there you might have to created it manually. In that account, there is an option to show that this computer is a "Pre 2000 operating system". That will have to be checked.
Then, you will need to make sure that the SBS server is backwards compatible with NTLMhash authentication. Though this article is for Exchange I think it will guide you to set the appropriate backwards compatibility to your NT server. http://support.microsoft.com/kb/820281
Furthermore, you could upgrade your NT4 authentication protocol to NTLM2 or later. I don' tknow what the latest is. http://support.microsoft.com/kb/239869
For NT4 and 2003 server to work, they have to be able to talk on the same authentication protocol. SBS 2003 needs to be able to use backwards compatible to NTLM and your NT4 needs to have the highest form of protocol available for that machine.
Suggestions: NTLMhash has some very serious vulnerabilities and If I may suggest something for security reasons. Migrate your data to a 2003 or later server and start using Kerberos.
|
|
|
|