我已经安装了Windows 2008 Server Standard R2并安装了AD / DNS服务器。 之后,我无法login我创build的本地用户。
“您无法login,因为您使用的login方法不允许在此计算机上”
我试过删除和重新创build用户,但无济于事。 有很多的情况下,这个错误已经在networking上报告,我一直在尝试所有的解决scheme,build议我可以find并在过去的3个小时这样做。
我仍然可以使用Domain Adminpipe理员帐户login。 使用组策略pipe理(默认域策略 – >计算机configuration – >策略 – > Windows设置 – >安全设置 – >本地策略 – >用户权限分配)。 我已启用“允许本地login”并添加“域用户”。 这不起作用 – 我甚至尝试过“每个人”。
以下是关于用户的一些信息。
User name joshua Full Name joshua Comment User's comment Country code 000 (System Default) Account active Yes Account expires Never Password last set 3/12/2015 7:24:55 AM Password expires Never Password changeable 3/13/2015 7:24:55 AM Password required Yes User may change password No Workstations allowed All Logon script User profile Home directory Last logon 3/12/2015 9:06:45 AM Logon hours allowed All Local Group Memberships Global Group memberships *Domain Users The command completed successfully. 这是gpresult输出:
Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0 Copyright (C) Microsoft Corp. 1981-2001 Created On 3/12/2015 at 8:46:39 AM RSOP data for mydomain\administrator on WIN2K8SERVER : Logging Mode ------------------------------------------------------------------------ OS Configuration: Primary Domain Controller OS Version: 6.1.7601 Site Name: Default-First-Site-Name Roaming Profile: N/A Local Profile: C:\Users\Administrator Connected over a slow link?: No COMPUTER SETTINGS ------------------ CN=WIN2K8SERVER,OU=Domain Controllers,DC=mydomain,DC=local Last time Group Policy was applied: 3/12/2015 at 8:43:12 AM Group Policy was applied from: win2k8server.mydomain.local Group Policy slow link threshold: 500 kbps Domain Name: mydomain Domain Type: Windows 2000 Applied Group Policy Objects ----------------------------- Default Domain Controllers Policy Default Domain Policy The following GPOs were not applied because they were filtered out ------------------------------------------------------------------- Local Group Policy Filtering: Not Applied (Empty) The computer is a part of the following security groups ------------------------------------------------------- BUILTIN\Administrators Everyone BUILTIN\Pre-Windows 2000 Compatible Access BUILTIN\Users Windows Authorization Access Group NT AUTHORITY\NETWORK NT AUTHORITY\Authenticated Users This Organization WIN2K8SERVER$ Domain Controllers NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS Denied RODC Password Replication Group System Mandatory Level Resultant Set Of Policies for Computer --------------------------------------- Software Installations ---------------------- N/A Startup Scripts --------------- N/A Shutdown Scripts ---------------- N/A Account Policies ---------------- GPO: Default Domain Policy Policy: MaxRenewAge Computer Setting: 7 GPO: Default Domain Policy Policy: MaximumPasswordAge Computer Setting: 42 GPO: Default Domain Policy Policy: MinimumPasswordAge Computer Setting: 1 GPO: Default Domain Policy Policy: MaxServiceAge Computer Setting: 600 GPO: Default Domain Policy Policy: LockoutBadCount Computer Setting: N/A GPO: Default Domain Policy Policy: MaxClockSkew Computer Setting: 5 GPO: Default Domain Policy Policy: MaxTicketAge Computer Setting: 10 GPO: Default Domain Policy Policy: PasswordHistorySize Computer Setting: 24 GPO: Default Domain Policy Policy: MinimumPasswordLength Computer Setting: 7 Audit Policy ------------ N/A User Rights ----------- GPO: Default Domain Controllers Policy Policy: MachineAccountPrivilege Computer Setting: Authenticated Users GPO: Default Domain Controllers Policy Policy: ChangeNotifyPrivilege Computer Setting: Everyone LOCAL SERVICE NETWORK SERVICE Administrators Authenticated Users Pre-Windows 2000 Compatible Access GPO: Default Domain Controllers Policy Policy: IncreaseBasePriorityPrivilege Computer Setting: Administrators GPO: Default Domain Controllers Policy Policy: TakeOwnershipPrivilege Computer Setting: Administrators GPO: Default Domain Controllers Policy Policy: RestorePrivilege Computer Setting: Administrators Backup Operators Server Operators GPO: Default Domain Controllers Policy Policy: DebugPrivilege Computer Setting: Administrators GPO: Default Domain Controllers Policy Policy: SystemTimePrivilege Computer Setting: LOCAL SERVICE Administrators Server Operators GPO: Default Domain Controllers Policy Policy: SecurityPrivilege Computer Setting: Administrators GPO: Default Domain Controllers Policy Policy: ShutdownPrivilege Computer Setting: Administrators Backup Operators Server Operators Print Operators GPO: Default Domain Controllers Policy Policy: AuditPrivilege Computer Setting: LOCAL SERVICE NETWORK SERVICE GPO: Default Domain Controllers Policy Policy: InteractiveLogonRight Computer Setting: Administrators Backup Operators Account Operators Server Operators Print Operators GPO: Default Domain Controllers Policy Policy: CreatePagefilePrivilege Computer Setting: Administrators GPO: Default Domain Controllers Policy Policy: BatchLogonRight Computer Setting: Administrators Backup Operators Performance Log Users GPO: Default Domain Controllers Policy Policy: NetworkLogonRight Computer Setting: Everyone Administrators Authenticated Users ENTERPRISE DOMAIN CONTROLLERS Pre-Windows 2000 Compatible Access GPO: Default Domain Controllers Policy Policy: SystemProfilePrivilege Computer Setting: Administrators NT SERVICE\WdiServiceHost GPO: Default Domain Controllers Policy Policy: RemoteShutdownPrivilege Computer Setting: Administrators Server Operators GPO: Default Domain Controllers Policy Policy: BackupPrivilege Computer Setting: Administrators Backup Operators Server Operators GPO: Default Domain Controllers Policy Policy: EnableDelegationPrivilege Computer Setting: Administrators GPO: Default Domain Controllers Policy Policy: UndockPrivilege Computer Setting: Administrators GPO: Default Domain Controllers Policy Policy: SystemEnvironmentPrivilege Computer Setting: Administrators GPO: Default Domain Controllers Policy Policy: LoadDriverPrivilege Computer Setting: Administrators Print Operators GPO: Default Domain Controllers Policy Policy: IncreaseQuotaPrivilege Computer Setting: LOCAL SERVICE NETWORK SERVICE Administrators GPO: Default Domain Controllers Policy Policy: ProfileSingleProcessPrivilege Computer Setting: Administrators GPO: Default Domain Controllers Policy Policy: AssignPrimaryTokenPrivilege Computer Setting: LOCAL SERVICE NETWORK SERVICE Security Options ---------------- GPO: Default Domain Policy Policy: PasswordComplexity Computer Setting: Not Enabled GPO: Default Domain Policy Policy: ClearTextPassword Computer Setting: Not Enabled GPO: Default Domain Policy Policy: ForceLogoffWhenHourExpire Computer Setting: Not Enabled GPO: Default Domain Policy Policy: RequireLogonToChangePassword Computer Setting: Not Enabled GPO: Default Domain Policy Policy: LSAAnonymousNameLookup Computer Setting: Not Enabled GPO: Default Domain Policy Policy: TicketValidateClient Computer Setting: Enabled GPO: Default Domain Controllers Policy Policy: @wsecedit.dll,-59013 ValueName: MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\LDAPServerIntegrity Computer Setting: 1 GPO: Default Domain Controllers Policy Policy: @wsecedit.dll,-59043 ValueName: MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature Computer Setting: 1 GPO: Default Domain Controllers Policy Policy: @wsecedit.dll,-59044 ValueName: MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature Computer Setting: 1 GPO: Default Domain Policy Policy: @wsecedit.dll,-59058 ValueName: MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash Computer Setting: 1 GPO: Default Domain Controllers Policy Policy: @wsecedit.dll,-59018 ValueName: MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal Computer Setting: 1 Event Log Settings ------------------ N/A Restricted Groups ----------------- N/A System Services --------------- N/A Registry Settings ----------------- N/A File System Settings -------------------- N/A Public Key Policies ------------------- N/A Administrative Templates ------------------------ N/A USER SETTINGS -------------- CN=Administrator,CN=Users,DC=mydomain,DC=local Last time Group Policy was applied: 3/12/2015 at 8:44:25 AM Group Policy was applied from: win2k8server.mydomain.local Group Policy slow link threshold: 500 kbps Domain Name: mydomain Domain Type: Windows 2000 Applied Group Policy Objects ----------------------------- N/A The following GPOs were not applied because they were filtered out ------------------------------------------------------------------- Default Domain Policy Filtering: Not Applied (Empty) Local Group Policy Filtering: Not Applied (Empty) The user is a part of the following security groups --------------------------------------------------- Domain Users Everyone BUILTIN\Administrators BUILTIN\Users BUILTIN\Pre-Windows 2000 Compatible Access NT AUTHORITY\INTERACTIVE CONSOLE LOGON NT AUTHORITY\Authenticated Users This Organization LOCAL Group Policy Creator Owners Domain Admins Enterprise Admins Schema Admins Denied RODC Password Replication Group High Mandatory Level The user has the following security privileges ---------------------------------------------- Bypass traverse checking Manage auditing and security log Back up files and directories Restore files and directories Change the system time Shut down the system Force shutdown from a remote system Take ownership of files or other objects Debug programs Modify firmware environment values Profile system performance Profile single process Increase scheduling priority Load and unload device drivers Create a pagefile Adjust memory quotas for a process Remove computer from docking station Perform volume maintenance tasks Impersonate a client after authentication Create global objects Change the time zone Create symbolic links Enable computer and user accounts to be trusted for delegation Increase a process working set Add workstations to domain Resultant Set Of Policies for User ----------------------------------- Software Installations ---------------------- N/A Logon Scripts ------------- N/A Logoff Scripts -------------- N/A Public Key Policies ------------------- N/A Administrative Templates ------------------------ N/A Folder Redirection ------------------ N/A Internet Explorer Browser User Interface ---------------------------------------- N/A Internet Explorer Connection ---------------------------- N/A Internet Explorer URLs ---------------------- N/A Internet Explorer Security -------------------------- N/A Internet Explorer Programs -------------------------- N/A
在域控制器上没有本地用户这样的事情。 您必须使用您的域pipe理员帐户login,然后创build域用户。
我很确定所有的本地帐户都是要迁移到AD的,但是无论如何,这看起来是出了问题。
尝试创build一个新的用户?
PS如果你还没有编辑过域名政策,那么你肯定不需要这样做。 事实上,你不需要做任何事情来“解决”这个问题,我甚至可以说,如果这实际上是一个真正的技术问题(而不是一个错误),那么我只是把盒子弄平,因为你需要的最后一件事情是一个不稳定的DC。