wildguy2k 0 Posted July 30, 2002 i've just re-built my win2k domain after a dc crash, & the "domain users" group is unable to logon to any of my wkstns. they're getting eventid: 533 - your user acct is not configured to allow you to use this computer, please find another. so, i checked my domain security policy, under user rights assignment to see if the correct setting was made. the following appears under the "logon locally" setting: Administrators NAME\Domain Admins NAME\Domain Users SYSTEM SERVICE (**NAME, being the domain name) so, i checked their individual user accts under the "account" tab to make sure that the default setting under the "logon to" button was still set to "all computers," which it was. then i checked the individual wkstns to make sure that the domain policy was being applied. both Domain Admins & Domain Users were found under each wkstn's "logon locally" setting under their Local Security Policy. i then enabled NetBT on each of the wkstns, to see if that would help, but it didn't. in addtion to support.microsoft, & microsoft.com/technet searches, i've run a forum search & found this post: http://www.ntcompatible.com/vb/showthread.php?s=&threadid=18209&highlight=event+533 unfortunately, it did not shed any light on my situation, however, it seemed that his problem was solved by manipulating this "logon locally" setting. however, the setting that he said he switched seems to be correctly applied in my case. i haven't applied any secuity templates, & the "logon locally" setting is one of only a few domain user rights assignment policies that i've defined. IPSec is not running, nor are any IIS or terminal services. ONE VERY STRANGE THING: ALL users can logon to my sole DC. only the wkstns are giving me this problem. i also checked for differences between my domain security policy, & my domain controller security policy, & could find no glaring differences. i'm tempted to "undefine" the "logon locally" user right assignment altogether, but would like some security in the domain. PLEASE HELP Share this post Link to post
wildguy2k 0 Posted July 30, 2002 also wanted to add that both wkstns are fresh builds as well, & have been added to the domain following its rebuild. additionally, i can (as a domain admin) logon to all machines, w/full access to all domain resources. Share this post Link to post
ryoko 0 Posted August 9, 2002 Although it will not give much for your particular problem, try eventid.net for some nice info if you have trouble with event numbers. I found it helped me in the past when MS gave too little info or made it tough to find quickly. 533 did not give any fix information, however other events posted there have. -RY Share this post Link to post