+ Post New Thread
Results 1 to 5 of 5
Windows Server 2000/2003 Thread, Member server not allowing local users access in Technical; ...
  1. #1
    Jobos's Avatar
    Join Date
    Apr 2007
    Posts
    1,153
    Thank Post
    184
    Thanked 52 Times in 45 Posts
    Rep Power
    26

    Member server not allowing local users access

    Could someone please tell me what Iím doing wrong as one of the servers is not playing ball for local users.

    In a nutshell Iíve got 2 servers, a dc and a member server both have file and print roles and both are running 2003.

    A user logs onto the domain and can access file and print services on both servers. User logs off and back on again as a local user using the same username and password. User can still use file and printing services on dc but member server gives this error:

    Event Type: Failure Audit
    Event Source: Security
    Event Category: Logon/Logoff
    Event ID: 529
    Date: 02/03/2012
    Time: 14:59:17
    User: NT AUTHORITY\SYSTEM
    Computer: <member server name>
    Description:
    Logon Failure:
    Reason: Unknown user name or bad password
    User Name: <username>
    Domain: <local computer name>
    Logon Type: 3
    Logon Process: NtLmSsp
    Authentication Package: NTLM
    Workstation Name: <local computer name>
    How do I fix it so local users can print to member server as well?

  2. #2
    Jobos's Avatar
    Join Date
    Apr 2007
    Posts
    1,153
    Thank Post
    184
    Thanked 52 Times in 45 Posts
    Rep Power
    26
    Just to make it a little more interesting I have found that the Administrator account can use file/print services of both the DC and member server when logged on using a domain or local account but a local user can only access files on the member server if they use domain\username when mapping a drive.

    I've made another admin account that's identical to the Administrator and that is giving the same problems as a standard user.

  3. #3
    Jobos's Avatar
    Join Date
    Apr 2007
    Posts
    1,153
    Thank Post
    184
    Thanked 52 Times in 45 Posts
    Rep Power
    26
    Bump!

    Anyone?

  4. #4
    Pete10141748's Avatar
    Join Date
    Nov 2007
    Posts
    1,366
    Thank Post
    106
    Thanked 221 Times in 131 Posts
    Rep Power
    87
    What you have written above is actually how the system is designed to work, and without knowing it you've exploited a Server 2003 trick / bug which has added to the confusion!

    If you have a domain logon and a local logon that are the same username & password, you can still get to a DC server running Server 2003 from the local account on the laptop/PC because it has the same user credentials - this does not work in Server 2008 where it looks for either the [domainname] or the [computername] before your username

    In other words, Server 2003 only see's the bits in bold: mydomain\administrator and mylaptop\administrator so if the passwords are the same for both accounts it lets you have DC access as the DC will have a record for that username & password; however it will not let you access other servers in your domain because it will not authenticate beyond itself. Just to note, in Server 2008 the DC sees all of the it mydomain\administrator and mylaptop\administrator and so no local account can access the servers without entering the username & password for a domain account with access rights.

    What all that summises to is that you won't be able to get a standard user's local logon account to access the servers without inputting a domain username&password with access rights because the DC will not authenticate a local account to access a domain service.

    If you need a workaround, how about creating a domain account specifically for these local users which you can give them the username&password for so they can authenticate themselves when the dialogue box pops up asking them to? Get them to access a server share on the member server first, enter the username & password you have set up, and then for as long as they remain logged in they won't have to enter it again to print and use the servers as they need to.
    Last edited by Pete10141748; 19th March 2012 at 03:29 PM.

  5. Thanks to Pete10141748 from:

    Jobos (19th March 2012)

  6. #5
    Jobos's Avatar
    Join Date
    Apr 2007
    Posts
    1,153
    Thank Post
    184
    Thanked 52 Times in 45 Posts
    Rep Power
    26
    Thanks for the in depth reply. This all came about because the local users need to access the print server which is on the member server, the file access was just my method of testing as it was quicker than accessing the printers

    With your reply in mind I've made a dummy read only share on the print server and put a batch file on the pc desktop which maps the share so creating the authentication. I can now add the printers without problems.

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 5
    Last Post: 4th December 2009, 11:50 PM
  2. How to allow laptop users to sync to server
    By Little-Miss in forum Learning Network Manager
    Replies: 16
    Last Post: 15th September 2009, 10:40 AM
  3. Server not accessible error
    By bmdixon in forum Windows Server 2000/2003
    Replies: 21
    Last Post: 16th April 2009, 02:10 PM
  4. Server 2003 not allowing me to hot-swap sata drives.
    By Deaks in forum Windows Server 2000/2003
    Replies: 5
    Last Post: 28th October 2008, 12:55 PM
  5. Replies: 16
    Last Post: 29th February 2008, 11:15 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •