Originally posted by: dclive
Originally posted by: NathanBWF
Figured it out. It wasn't the everyone group that was denied. It was another group that was on there. Also, you can't just fix it my using the command in the above post and applying it to the everyone group. You have to remove it from the group that you assigned it to in the first place.
Can you detail that a little more?
Sure.
What I had happend was there was a group created on the XP machine called "Backups". I wanted to deny the right to log on locally to that group, which I did through the local security policy snap in. What I didn't know was that the Administrators group and the Users group had been added into the Backups group, so after I made the change to deny that group the log on locally right and rebooted, all of a suden I couldn't log on locally with any user account, Administrator accounts included. At first I thought that the Everyone group had been added to the Backups group, which wasn't the case.
Anyway, I found out about ntrights.exe and thought by running:
ntrights -m \\computer -u Everyone -r SeDenyInteractiveLogonRight
and applying it to the everyone group that would solve my problem. BUT you can't just apply it to the everyone group, you have to apply it to the group that you intially denied the log on locally right to in the first place, which in my case was the "Backups" group. So after I ran:
ntrights -m \\computer -u Backups -r SeDenyInteractiveLogonRight
I was able to log on locally again. Then I took the administrators and users groups out of the Backups, then denied the Backups group the log on locally right again and now everything is working how it was suppose to in the first place. Everyone else can log on locally except those of the Backups group.
Sorry for the long post, hope it makes sense.
Glad you resolved it.
Facebook
Twitter