One user cannot log into domain

Post by Sm9obm55Y2 » Sun, 22 Oct 2006 02:09:02


I apologize in advance if this is not the correct location for this.

What I have is a small network, with a Win2003 DC and 10 workstations. On
the server, there is a security group called "people." All users are members
of the group "people". Each XP workstation is joined to the domain, and each
has domain name\people in the local administrators group. That way they can
be local admins on their personal machine. Any user can go to any machine
and log into the domain. What we've gotten all of a sudden, is on one
particular machine, one particular user can no longer log in to the domain.
They get the invalid username or password error message. The username and
password are correct, as we can log into any of the other workstations using
those credentials, just not this one. This user has been able to log in to
this workstation before, just not in the last month or so. I checked the
folder for this user in documents and settings and checked effective
permissions and all are granted. I just cannot figure out where to go now.
All other users can log into this machine with no problem. I don't see
anything in the event viewer relating to this, so I'm out of ideas. I am
assuming that possibly the SID for this user is cached somewhere and it's
corrupt or something along those lines, but I don't know where that would be.
Any help, or ideas would be greatly appreciated. Thanks.

John
 
 
 

Post by Lanwench » Sun, 22 Oct 2006 23:49:21


Johnnycat < XXXX@XXXXX.COM > typed:

Oooh, that is a bad idea. What's the justification for that?


If you use roaming profiles, delete the locally cached copy. Or, rename the
roaming profile folder and have the user log in to re-create the roaming
one.
Or, blow away the user's cached profile (control panel | system ....) and
try again, and recreate the profile.

You should also download & install the "User Profile Hive Cleanup Utility"
from MS - on all machines. It helps a lot.

There are too many dangerous things that users can deliberately, or
inadvertently, do when they have local administrator rights - or even power
user. I would remove "People" from the local admin groups immediately - if
you keep your workstations standard/stable, you are unlikely to have many
problems with them.
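
Added example, not part of the thread: one way to check which workstations still have the domain group in their local Administrators group, and to remove it when run with `-Remove`. The domain name `EXAMPLE`, the workstation names, and an English-language local group name `Administrators` are assumptions; the script needs an account with administrative rights on each workstation.

```powershell
# Added example (not from the thread): report, and optionally remove, a domain
# group from the local Administrators group on each workstation.
# Assumptions: EXAMPLE and WS01..WS03 are placeholders for the real domain and
# machine names; the local group is named "Administrators" (English builds).
param(
    [string[]]$Computers = @('WS01', 'WS02', 'WS03'),  # placeholder workstation names
    [string]$Domain      = 'EXAMPLE',                  # placeholder NetBIOS domain name
    [string]$GroupName   = 'people',                   # group named in the thread
    [switch]$Remove                                    # omit to report only
)

$target = "WinNT://$Domain/$GroupName"

foreach ($computer in $Computers) {
    try {
        # Bind to the machine's local Administrators group via the WinNT provider.
        $admins  = [ADSI]"WinNT://$computer/Administrators,group"
        # Read each member's ADsPath through COM late binding.
        $members = @($admins.psbase.Invoke('Members')) | ForEach-Object {
            $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
        }
    }
    catch {
        Write-Warning "${computer}: cannot read local Administrators: $($_.Exception.Message)"
        continue
    }

    if (-not ($members | Where-Object { $_ -ieq $target })) {
        Write-Output "${computer}: $Domain\$GroupName is not a local administrator"
        continue
    }

    if (-not $Remove) {
        Write-Output "${computer}: $Domain\$GroupName IS a local administrator (report only)"
        continue
    }

    try {
        # IADsGroup::Remove takes the ADsPath of the member to drop.
        $admins.psbase.Invoke('Remove', $target)
        Write-Output "${computer}: removed $Domain\$GroupName from local Administrators"
    }
    catch {
        Write-Warning "${computer}: removal failed: $($_.Exception.Message)"
    }
}
```

Run it without `-Remove` first and review the report before changing group membership.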