event id 533 occurring @ wkstns

wildguy2k

Junior Member
Aug 8, 2001
19
0
0
i've just re-built my win2k domain after a dc crash, & the "domain users" group is unable to

logon to any of my wkstns. they're getting eventid: 533 - your user acct is not configured

to allow you to use this computer, please find another.

so, i checked my domain security policy, under user rights assignment to see if the correct

setting was made. the following appears under the "logon locally" setting:

Administrators
NAME\Domain Admins
NAME\Domain Users
SYSTEM
SERVICE

(**NAME, being the domain name)

so, i checked their individual user accts under the "account" tab to make sure that the

default setting under the "logon to" button was still set to "all computers," which it was.

then i checked the individual wkstns to make sure that the domain policy was being applied.

both Domain Admins & Domain Users were found under each wkstn's "logon locally" setting

under their Local Security Policy. i then enabled NetBT on each of the wkstns, to see if

that would help, but it didn't.

in addtion to support.microsoft, & microsoft.com/technet searches, i've run a forum search &

found this post:

http://www.ntcompatible.com/vb/showthread.php?s=&threadid=18209&highlight=event+533

unfortunately, it did not shed any light on my situation, however, it seemed that his

problem was solved by manipulating this "logon locally" setting. however, the setting that

he said he switched seems to be correctly applied in my case.

i haven't applied any secuity templates, & the "logon locally" setting is one of only a few

domain user rights assignment policies that i've defined. IPSec is not running, nor are any

IIS or terminal services.

ONE VERY STRANGE THING: ALL users can logon to my sole DC. only the wkstns are giving me

this problem. i also checked for differences between my domain security policy, & my domain

controller security policy, & could find no glaring differences.

i'm tempted to "undefine" the "logon locally" user right assignment altogether, but would

like some security in the domain. PLEASE HELP.....
 

GAZZA

Golden Member
Oct 18, 1999
1,987
0
0
I won't pretend to know how to solve your problem but I did a quick search on MS Knowledge base and found a few search results on your error , not sure if this will help you at all but worth a try .

MS Knowledge Base
 

wildguy2k

Junior Member
Aug 8, 2001
19
0
0
yeah, that was the support.microsoft search i was talkin' about. unfortunately, i have this post up in 6 other places, & have yet to find a successful resolution to the problem...