Jump to content

kb943485 - Dreaded admin not able to log on locally after patch

Guest Tim_S

By Guest Tim_S
in Windows 2003 Server

 Share

Recommended Posts

Guest Tim_S

Guest Tim_S

Posted
Posted

Well, today i applied the KB943485 patch to my SBS 2003 and Standard 2003

server in my domain....

 

I rebooted and bang... using the administrator (builtin) account would

refuse to log in. The error was....

 

Local Security Policy won't permit interactive login

 

This account would log - in fine before the patch's were applied.

 

I applied KB941644 and KB943485 and I believe that the 485 was the one that

changed security settings.

 

I looked in the Domain Controller Security settings and the Administrator

account is set to allow local login and it is not denied interactive login

in any of the policy groupings....

 

I could log in using a normal user account that is also in the administrator

group just fine. As that was my only means of getting back in... but the

server\administrator account was inoperative.

 

The only way I could get the Administrator account to be able to log in

locally was to create/set a Domain Security Policy that explicitly allows

the administrator to log in locally... If I remove that from the Domain

security policy, the Domain Controller Security policy where it is also

allowed is rejecting it....

 

go figure... you think the Administrator account should top all other

accounts... but not in this case...

 

geez

  • Replies 1
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Susan Bradley

Guest Susan Bradley

Posted
Posted

Re: kb943485 - Dreaded admin not able to log on locally after patch

 

Tim_S wrote:

> Well, today i applied the KB943485 patch to my SBS 2003 and Standard 2003

> server in my domain....

>

> I rebooted and bang... using the administrator (builtin) account would

> refuse to log in. The error was....

>

> Local Security Policy won't permit interactive login

>

> This account would log - in fine before the patch's were applied.

>

> I applied KB941644 and KB943485 and I believe that the 485 was the one that

> changed security settings.

>

> I looked in the Domain Controller Security settings and the Administrator

> account is set to allow local login and it is not denied interactive login

> in any of the policy groupings....

>

> I could log in using a normal user account that is also in the administrator

> group just fine. As that was my only means of getting back in... but the

> server\administrator account was inoperative.

>

> The only way I could get the Administrator account to be able to log in

> locally was to create/set a Domain Security Policy that explicitly allows

> the administrator to log in locally... If I remove that from the Domain

> security policy, the Domain Controller Security policy where it is also

> allowed is rejecting it....

>

> go figure... you think the Administrator account should top all other

> accounts... but not in this case...

>

> geez

>

>

There's nothing in those patches that would have changed that setting.

 

By any chance did you change the membership of the Administrators? I've

seen folks accidentally deny themselves because they add a membership

that conflicts.

 Share
Go to topic listing
×
×
  • Create New...