[gptalk] Re: Unable to RDP to DC's

  • From: "Jason Williams" <jasonwilliams74@xxxxxxxxx>
  • To: gptalk@xxxxxxxxxxxxx
  • Date: Thu, 18 Oct 2007 13:34:42 -0700

Will do. See if I can track it down.
Management wants blood right now.


On 10/18/07, Omar Droubi <omar@xxxxxxxxxxxxxxxxxxxxx> wrote:
>
>  Jason,
>
>
>
> I would hurry up and review the security event logs on each of your DCs to
> find out what really happened and maybe who did it.
>
>
>
> Search in the security log for:
>
>
>
> Event Type:        Success Audit
>
> Event Source:    Security
>
> Event Category:                Account Management
>
>
>
> I was thinking that maybe someone configured a restricted group- GPO also-
> I would also check there.
>
>
>
>
>
>
>
>
>
> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Jason Williams
> *Sent:* Thursday, October 18, 2007 11:37 AM
> *To:* gptalk@xxxxxxxxxxxxx
> *Subject:* [gptalk] Re: Unable to RDP to DC's
>
>
>
> Oh man...going to strangle someone. I figured out what the problem is and
> still looking to correct it.
>
> Somebody here decided to remove the "domain admins" group from the
> builtin\administrators group
>
>
>
> Now that i've added it back, I need to let it propagate through my domain.
>
>
>
> Im going to go outside and scream now.
>
>
>
> Appreciate the help.
>
>
>
> JW
>
>
>
> On 10/18/07, *Darren Mar-Elia* <darren@xxxxxxxxxx> wrote:
>
> It really sounds like you are getting some policies on your DCs that was
> not intendd for them-- probably linked at the domain.  Something must have
> changed--I would try just installing GPMC on a workstation and see if you
> can remotely run RSOP. As a last resort you could temporarily set block
> inheritance on the DCs OU to see if that frees things up.
>
> Darren
>
> -----Original Message-----
> From: "Jason Williams" <jasonwilliams74@xxxxxxxxx>
> To: gptalk@xxxxxxxxxxxxx
> Sent: 10/18/2007 9:31 AM
> Subject: [gptalk] Re: Unable to RDP to DC's
>
> Hi Darren,
>
> I have some very odd things that are happening that are making me nervous.
> I
> am not sure why some of things are occuring, but on edge now.
>
> For instance, I was able to fix connecting to my DC's via RDP. BUT, I
> still
> cannot logon at the console.
> Also, i tried to install the GPMC on one of my DC's that did not have it
> and
> I get denied. Message is "The system administrator has set policies to
> prevent this installation."
> I have tried to open up the "Group Policy Object Editor" on one of my DC's
> and I get access denied, which makes no sense because I am using a domain
> admin account.
>
> Im a little flustered right now and very nervous.
> Any suggestions?
>
> Thanks.
>
> Jason
>
>
> On 10/18/07, Darren Mar-Elia <darren@xxxxxxxxxx> wrote:
> >
> >  Jason-
> >
> > What does GPResults tell you that the effective policy is on a DC? Are
> you
> > sure no changes were made to the GPO linked to the DCs OU? GPMC will
> tell
> > you the Last Modified date on a GPO.
> >
> >
> >
> > Darren
> >
> >
> >
> > *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx ]
> *On
> > Behalf Of *Jason Williams
> > *Sent:* Thursday, October 18, 2007 8:52 AM
> > *To:* gptalk@xxxxxxxxxxxxx
> > *Subject:* [gptalk] Unable to RDP to DC's
> >
> >
> >
> > Hello everyone.
> >
> > Have a great thing happening this morning that I am still trying to
> track
> > down the cause of.
> >
> >
> >
> > I came in this morning and a collegue told me he is unable to RDP to any
>
> > of our DC's in our company. I confirmed this and receive the following
> > message when trying to do so:
> >
> > Funny thing is, this was working recently so I need to find out what
> > changed.
> >
> >
> >
>
> [truncated by sender]
> ***********************
> You can unsubscribe from gptalk by sending email to
> gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
> logging into the freelists.org Web interface. Archives for the list are
> available at http://www.freelists.org/archives/gptalk/
> ************************
>
>
>

Other related posts: