Can anyone help me with a Win 7 domain issue?

MrPete1985 2011-08-17 20:38:11 UTC #1

ok luckily this is just a school lab but I would like to know how to fix it in case I run into this in the real world.

we set up a domain and but a few PCs in class cannot log onto the domain because only "administrators" and "domain05\john" have "Allow local log on" under the user rights policies and when I double click it I cannot modify it.

anyone ever seen this before and know how to fix it or maybe there is a CLI tool I can use to change the permissions?

we are using Windows 7 ultimate on VMware I am going to download VMware on my home PC so I can post a few screens to give a better idea what is going on.

EDIT: crap I left my external HD with the OS at school I'll have to get up early and go back and get it

bean55 2011-08-18 04:57:53 UTC #2

Make sure you have everything spelled right, a cap letter in the wrong place can throw it off.

Does the computers that won’t attach have local admin rights? Does not sound like they do.

MrPete1985 2011-08-18 05:26:46 UTC #3

the domain and user names are spelled correctly, and I have an admin account on the local machine.

I am in the local group policy editor as “megagigabytes\pete” this is my admin account and I go to
windows settings -> security settings -> local policies -> user rights assignments
then on the right side of the screen I double click on “Allow log on locally” but is will not allow me to modify anything

bean55 2011-08-18 05:33:56 UTC #4

MrPete

I do not know that much about VMware, as you can see by mine on regular Domain I do have the option

bean55 2011-08-18 05:39:24 UTC #5

Look at :Security Options\Network Security\LAN Manager Authentication Level

What is it set at?

MrPete1985 2011-08-18 06:01:59 UTC #6

I don’t even have security options I’d bet anything this is all VMwares fault

bean55 2011-08-18 06:07:10 UTC #7

Could be or I know some people have had issues just because there nic cards were not updated.

From Post#3 you have Security Options right under User Rights Assignments

MrPete1985 2011-08-18 06:11:01 UTC #8

it says not defined

what should I change it to?

bean55 2011-08-18 06:14:41 UTC #9

And no option to change it?

I guess VMWare has more differences than I thought, I will need to try and learn more about it.

MrPete1985 2011-08-18 06:15:54 UTC #10

I can change LAN Manager Authentication Level just unsure which option to choose

other people have it working last night I was able to log onto the account I created using another students vmware PC I may end up copying their VM but I would rather not have to resort to that

bean55 2011-08-18 06:29:51 UTC #11

Try the use NTLMv2 session

MrPete1985 2011-08-18 06:41:05 UTC #12

allow log on locally is still locked tried restarting the VM after changing the LAN Manager Authentication Level

bean55 2011-08-18 06:54:13 UTC #13

Only thing I got left is trying to uninstall and reinstalling VMWare

Perhaps something got hung up during the install

Mr_Belvedere 2011-08-18 07:27:33 UTC #14

What kind of domain and what schema? Windows Server 2008 R2?

Note that a Windows 7 computer cannot make a domain, only workgroups.
Local security policies hardly affect domain policies. Default domain policies (GPO) are loaded even before you login a client system.

anyone ever seen this before and know how to fix it or maybe there is a CLI tool I can use to change the permissions?
In order to log into a domain you must have a client computer join the domain. This way the computer name will be present(ed) in de Active Directory of the domain.

After that you can use a registered, non-locked, user account, present in the Active Directory to logon to the domain via the client pc. Make sure you are using the correct domain to log in and are not locally logging in on the client name.