我已经安装了 Windows 2008 Server Standard R2 并安装了 AD/DNS 服务器。之后,我无法登录我创建的本地用户。
“您无法登录,因为此计算机上不允许您使用的登录方法”
我尝试删除并重新创建用户,但无济于事。在网络上有很多情况下报告了此错误,我一直在尝试所有建议的解决方案,我可以找到并且在过去 3 小时内一直在这样做。
我仍然可以使用域管理员的管理员帐户登录。使用组策略管理(默认域策略 -> 计算机配置 -> 策略 -> Windows 设置 -> 安全设置 -> 本地策略 -> 用户权限分配)。我启用了“允许本地登录”并添加了“域用户”。它不起作用 - 我什至尝试过“每个人”。
这是有关用户的一些信息。
User name joshua
Full Name joshua
Comment
User's comment
Country code 000 (System Default)
Account active Yes
Account expires Never
Password last set 3/12/2015 7:24:55 AM
Password expires Never
Password changeable 3/13/2015 7:24:55 AM
Password required Yes
User may change password No
Workstations allowed All
Logon script
User profile
Home directory
Last logon 3/12/2015 9:06:45 AM
Logon hours allowed All
Local Group Memberships
Global Group memberships *Domain Users
The command completed successfully.
这是 gpresult 输出:
Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
Created On 3/12/2015 at 8:46:39 AM
RSOP data for mydomain\administrator on WIN2K8SERVER : Logging Mode
------------------------------------------------------------------------
OS Configuration: Primary Domain Controller
OS Version: 6.1.7601
Site Name: Default-First-Site-Name
Roaming Profile: N/A
Local Profile: C:\Users\Administrator
Connected over a slow link?: No
COMPUTER SETTINGS
------------------
CN=WIN2K8SERVER,OU=Domain Controllers,DC=mydomain,DC=local
Last time Group Policy was applied: 3/12/2015 at 8:43:12 AM
Group Policy was applied from: win2k8server.mydomain.local
Group Policy slow link threshold: 500 kbps
Domain Name: mydomain
Domain Type: Windows 2000
Applied Group Policy Objects
-----------------------------
Default Domain Controllers Policy
Default Domain Policy
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)
The computer is a part of the following security groups
-------------------------------------------------------
BUILTIN\Administrators
Everyone
BUILTIN\Pre-Windows 2000 Compatible Access
BUILTIN\Users
Windows Authorization Access Group
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
This Organization
WIN2K8SERVER$
Domain Controllers
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
Denied RODC Password Replication Group
System Mandatory Level
Resultant Set Of Policies for Computer
---------------------------------------
Software Installations
----------------------
N/A
Startup Scripts
---------------
N/A
Shutdown Scripts
----------------
N/A
Account Policies
----------------
GPO: Default Domain Policy
Policy: MaxRenewAge
Computer Setting: 7
GPO: Default Domain Policy
Policy: MaximumPasswordAge
Computer Setting: 42
GPO: Default Domain Policy
Policy: MinimumPasswordAge
Computer Setting: 1
GPO: Default Domain Policy
Policy: MaxServiceAge
Computer Setting: 600
GPO: Default Domain Policy
Policy: LockoutBadCount
Computer Setting: N/A
GPO: Default Domain Policy
Policy: MaxClockSkew
Computer Setting: 5
GPO: Default Domain Policy
Policy: MaxTicketAge
Computer Setting: 10
GPO: Default Domain Policy
Policy: PasswordHistorySize
Computer Setting: 24
GPO: Default Domain Policy
Policy: MinimumPasswordLength
Computer Setting: 7
Audit Policy
------------
N/A
User Rights
-----------
GPO: Default Domain Controllers Policy
Policy: MachineAccountPrivilege
Computer Setting: Authenticated Users
GPO: Default Domain Controllers Policy
Policy: ChangeNotifyPrivilege
Computer Setting: Everyone
LOCAL SERVICE
NETWORK SERVICE
Administrators
Authenticated Users
Pre-Windows 2000 Compatible Access
GPO: Default Domain Controllers Policy
Policy: IncreaseBasePriorityPrivilege
Computer Setting: Administrators
GPO: Default Domain Controllers Policy
Policy: TakeOwnershipPrivilege
Computer Setting: Administrators
GPO: Default Domain Controllers Policy
Policy: RestorePrivilege
Computer Setting: Administrators
Backup Operators
Server Operators
GPO: Default Domain Controllers Policy
Policy: DebugPrivilege
Computer Setting: Administrators
GPO: Default Domain Controllers Policy
Policy: SystemTimePrivilege
Computer Setting: LOCAL SERVICE
Administrators
Server Operators
GPO: Default Domain Controllers Policy
Policy: SecurityPrivilege
Computer Setting: Administrators
GPO: Default Domain Controllers Policy
Policy: ShutdownPrivilege
Computer Setting: Administrators
Backup Operators
Server Operators
Print Operators
GPO: Default Domain Controllers Policy
Policy: AuditPrivilege
Computer Setting: LOCAL SERVICE
NETWORK SERVICE
GPO: Default Domain Controllers Policy
Policy: InteractiveLogonRight
Computer Setting: Administrators
Backup Operators
Account Operators
Server Operators
Print Operators
GPO: Default Domain Controllers Policy
Policy: CreatePagefilePrivilege
Computer Setting: Administrators
GPO: Default Domain Controllers Policy
Policy: BatchLogonRight
Computer Setting: Administrators
Backup Operators
Performance Log Users
GPO: Default Domain Controllers Policy
Policy: NetworkLogonRight
Computer Setting: Everyone
Administrators
Authenticated Users
ENTERPRISE DOMAIN CONTROLLERS
Pre-Windows 2000 Compatible Access
GPO: Default Domain Controllers Policy
Policy: SystemProfilePrivilege
Computer Setting: Administrators
NT SERVICE\WdiServiceHost
GPO: Default Domain Controllers Policy
Policy: RemoteShutdownPrivilege
Computer Setting: Administrators
Server Operators
GPO: Default Domain Controllers Policy
Policy: BackupPrivilege
Computer Setting: Administrators
Backup Operators
Server Operators
GPO: Default Domain Controllers Policy
Policy: EnableDelegationPrivilege
Computer Setting: Administrators
GPO: Default Domain Controllers Policy
Policy: UndockPrivilege
Computer Setting: Administrators
GPO: Default Domain Controllers Policy
Policy: SystemEnvironmentPrivilege
Computer Setting: Administrators
GPO: Default Domain Controllers Policy
Policy: LoadDriverPrivilege
Computer Setting: Administrators
Print Operators
GPO: Default Domain Controllers Policy
Policy: IncreaseQuotaPrivilege
Computer Setting: LOCAL SERVICE
NETWORK SERVICE
Administrators
GPO: Default Domain Controllers Policy
Policy: ProfileSingleProcessPrivilege
Computer Setting: Administrators
GPO: Default Domain Controllers Policy
Policy: AssignPrimaryTokenPrivilege
Computer Setting: LOCAL SERVICE
NETWORK SERVICE
Security Options
----------------
GPO: Default Domain Policy
Policy: PasswordComplexity
Computer Setting: Not Enabled
GPO: Default Domain Policy
Policy: ClearTextPassword
Computer Setting: Not Enabled
GPO: Default Domain Policy
Policy: ForceLogoffWhenHourExpire
Computer Setting: Not Enabled
GPO: Default Domain Policy
Policy: RequireLogonToChangePassword
Computer Setting: Not Enabled
GPO: Default Domain Policy
Policy: LSAAnonymousNameLookup
Computer Setting: Not Enabled
GPO: Default Domain Policy
Policy: TicketValidateClient
Computer Setting: Enabled
GPO: Default Domain Controllers Policy
Policy: @wsecedit.dll,-59013
ValueName: MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\LDAPServerIntegrity
Computer Setting: 1
GPO: Default Domain Controllers Policy
Policy: @wsecedit.dll,-59043
ValueName: MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature
Computer Setting: 1
GPO: Default Domain Controllers Policy
Policy: @wsecedit.dll,-59044
ValueName: MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature
Computer Setting: 1
GPO: Default Domain Policy
Policy: @wsecedit.dll,-59058
ValueName: MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash
Computer Setting: 1
GPO: Default Domain Controllers Policy
Policy: @wsecedit.dll,-59018
ValueName: MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal
Computer Setting: 1
Event Log Settings
------------------
N/A
Restricted Groups
-----------------
N/A
System Services
---------------
N/A
Registry Settings
-----------------
N/A
File System Settings
--------------------
N/A
Public Key Policies
-------------------
N/A
Administrative Templates
------------------------
N/A
USER SETTINGS
--------------
CN=Administrator,CN=Users,DC=mydomain,DC=local
Last time Group Policy was applied: 3/12/2015 at 8:44:25 AM
Group Policy was applied from: win2k8server.mydomain.local
Group Policy slow link threshold: 500 kbps
Domain Name: mydomain
Domain Type: Windows 2000
Applied Group Policy Objects
-----------------------------
N/A
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Default Domain Policy
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
The user is a part of the following security groups
---------------------------------------------------
Domain Users
Everyone
BUILTIN\Administrators
BUILTIN\Users
BUILTIN\Pre-Windows 2000 Compatible Access
NT AUTHORITY\INTERACTIVE
CONSOLE LOGON
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
Group Policy Creator Owners
Domain Admins
Enterprise Admins
Schema Admins
Denied RODC Password Replication Group
High Mandatory Level
The user has the following security privileges
----------------------------------------------
Bypass traverse checking
Manage auditing and security log
Back up files and directories
Restore files and directories
Change the system time
Shut down the system
Force shutdown from a remote system
Take ownership of files or other objects
Debug programs
Modify firmware environment values
Profile system performance
Profile single process
Increase scheduling priority
Load and unload device drivers
Create a pagefile
Adjust memory quotas for a process
Remove computer from docking station
Perform volume maintenance tasks
Impersonate a client after authentication
Create global objects
Change the time zone
Create symbolic links
Enable computer and user accounts to be trusted for delegation
Increase a process working set
Add workstations to domain
Resultant Set Of Policies for User
-----------------------------------
Software Installations
----------------------
N/A
Logon Scripts
-------------
N/A
Logoff Scripts
--------------
N/A
Public Key Policies
-------------------
N/A
Administrative Templates
------------------------
N/A
Folder Redirection
------------------
N/A
Internet Explorer Browser User Interface
----------------------------------------
N/A
Internet Explorer Connection
----------------------------
N/A
Internet Explorer URLs
----------------------
N/A
Internet Explorer Security
--------------------------
N/A
Internet Explorer Programs
--------------------------
N/A
域控制器上没有本地用户这样的东西。您必须使用域管理员帐户登录,然后创建域用户。
我很确定所有本地帐户都应该迁移到 AD,但无论哪种方式,看起来都出现了问题。
尝试创建一个新用户?
PS 如果您还没有编辑域策略,那么您绝对不需要这样做。事实上,你不需要做任何事情来“修复”这个问题,我什至会说,如果这实际上是一个真正的技术问题(而不是一个错误),那么我只是把盒子弄平然后重新开始,因为您最不需要的是摇摇欲坠的 DC。