One user cannot log into domain

20 Oct 2006 5:09 PM

Johnnycat

I apologize in advance if this is not the correct location for this.

What I have is a small network, with a Win2003 DC and 10 workstations. On
the server, there is a security group called "people." All users are members
of the group "people". Each XP workstation is joined to the domain, and each
has domain name\people in the local administrators group. That way they can
be local admins on their personal machine. Any user can go to any machine
and log into the domain. What we've gotten all of a sudden, is on one
particular machine, one particular user can no longer log in to the domain.
They get the invalid username or password error message. The username and
password are correct, as we can log into any of the other workstations using
those credentials, just not this one. This user has been able to log in to
this workstation before, just not in the last month or so. I checked the
folder for this user in documents and settings and checked effective
permissions and all are granted. I just cannot figure out where to go now.
All other users can log into this machine with no problem. I don't see
anything in the event viewer relating to this, so I'm out of ideas. I am
assuming that possibly the SID for this user is cached somewhere and it's
corrupt or something along those lines, but I don't know where that would be.
Any help, or ideas would be greatly appreciated. Thanks.

John

21 Oct 2006 2:49 PM

Lanwench [MVP - Exchange]

In news:4C0DFC26-A116-4192-B692-22D3DF222DD8@microsoft.com,

Johnnycat <Johnny***@discussions.microsoft.com> typed:

> I apologize in advance if this is not the correct location for this.
>
> What I have is a small network, with a Win2003 DC and 10
> workstations. On the server, there is a security group called
> "people." All users are members of the group "people". Each XP
> workstation is joined to the domain, and each has domain name\people
> in the local administrators group. That way they can be local admins
> on their personal machine.

Oooh, that is a bad idea. What's the justification for that?

Show quoteHide quote

> Any user can go to any machine and log
> into the domain. What we've gotten all of a sudden, is on one
> particular machine, one particular user can no longer log in to the
> domain. They get the invalid username or password error message. The
> username and password are correct, as we can log into any of the
> other workstations using those credentials, just not this one. This
> user has been able to log in to this workstation before, just not in
> the last month or so. I checked the folder for this user in
> documents and settings and checked effective permissions and all are
> granted. I just cannot figure out where to go now. All other users
> can log into this machine with no problem. I don't see anything in
> the event viewer relating to this, so I'm out of ideas. I am
> assuming that possibly the SID for this user is cached somewhere and
> it's corrupt or something along those lines, but I don't know where
> that would be. Any help, or ideas would be greatly appreciated.
> Thanks.

If you use roaming profiles, delete the locally cached copy. Or, rename the
roaming profile folder and have the user log in to re-create the roaming
one.
Or, blow away the user's cached profile (control panel | system ....) and
try again, and recreate the profile.

You should also download & install the "User Profile Hive Cleanup Utility"
from MS - on all machines. It helps a lot.

There are too many dangerous things that users can deliberately, or
inadvertently, do when they have local administrator rights - or even power
user. I would remove "People" from the local admin groups immediately - if
you keep your workstations standard/stable, you are unlikely to have many
problems with them.

Show quoteHide quote

>
> John