Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Access Removed: SeNetworkLogonRight

343 views
Skip to first unread message

Kevin

unread,
Mar 1, 2007, 3:36:10 PM3/1/07
to
Hi Everyone! My SBS 2003 is having this really odd issue with the one of the
GPO's for the default domain.

The "Local Policies/User Rights Assignment" > "Access this computer from the
network" the setting should have a list of users but it does not. I add the
list of default users that should be allowed and everything works fine, but
after 5 or less minutes the system security removes them again.

I've spent days looking for answers to this problem without finding a reason
this is happening on the server. I do see in my event id: 622 that the server
is removing all the users but dont know why. Can anyone help?

Tx - Kevin

Roger Abell [MVP]

unread,
Mar 2, 2007, 12:23:29 AM3/2/07
to
Kevin

Please clarify where you are seeing this.
You say you see it in a GPO but it more sounds as if you are
seeing it in the effective policies as views in the local security
policy. (also, not sure what you mean by "for the default domain"
as SBS deployments have but the one domain)
If it is the locally effective setting that is changing then this is
the expected behavior (given 5 minutes, on a DC) when you
attempt to make a local change but it is reset because it is being
controlled by a GPO.

Roger
"Kevin" <Ke...@discussions.microsoft.com> wrote in message
news:B217ABF4-1170-4B4C...@microsoft.com...

Kevin

unread,
Mar 2, 2007, 12:59:02 AM3/2/07
to
I'll try to explain. :)

My client is accessing the server remotelly for OWA. They called me to say
that they are getting a blank web page with "440 Timeout" message. I was able
to restart the IIS and the OWA login page displayed properly. Then when they
went to login to OWA the page would return page to the login page as if they
have mistyped the logins.

After hours of research I found that an entry "Access this computer from the
network" under the "Default Domain Controllers Policy" setting was blank. I
edited that setting to reflect what should be in there but they get wiped on
a reset from somewhere.

I've been trying to find out where this is happening from and looking for
some help in where to look and how to fix it.

Tx - Kevin

Roger Abell [MVP]

unread,
Mar 3, 2007, 12:58:37 AM3/3/07
to
Thanks Kevin, I follow you now, that the settings for the
network login user right is getting blanked out in the
Default DC GPO. The problem is, I know of nothing that
would do that.
As a workaround until you determine what is doing that,
how about creating a new GPO, linking it at to the DCs OU
at a higher priority than the Default DC GPO, and in this new
GPO setting the value for network login user right ?
There may be something particular about SBS, but in general
in Windows there is nothing that automatically resets values
in GPOs, so you have some investigating to do as to what is
on that machine doing that.

Roger
"Kevin" <Ke...@discussions.microsoft.com> wrote in message

news:155F6A0D-8CDE-4032...@microsoft.com...

Kevin

unread,
Mar 4, 2007, 12:11:10 PM3/4/07
to
Problem found. The server was infected with a “W32/Tilebot-IY” worm that
spreads via network shares. Its since been removed and all is well. This
worm was changing GPO settings every 5 to 10 minutes. Nice huh!

http://www.sophos.com/security/analyses/w32tilebotiy.html


0 new messages