Computer Managed Prefs: Local Login Account Fails

Similar Messages

• Remote Computer Management Using Local Admin Credentials?

  As per your requirement, I would suggest you to have a look on Lepide remote admin tool that allows to remotely administer single or multiple computers in the entire network simultaneously spread across multiple domains. Tool is free.

  If you are running as a standard user on your workstation and need to user the Computer Management mmc to remotely manage a second Windows workstation on your domain, how do you do this without using a domain account that is local admin on the remote system?If you open computer management locally first, you are prompted by UAC for local admin credentials on your local machine before you can even open Computer Management. If you provide those credentials and then try to connect to the remote computer using the mmc interface, you will get access denied errors if the administrator account isn't the same on both systems. It just fails without prompting for alternate credentials.Is there any workaround to get it to prompt and allow you to enter the local admin user credentials for the remote PC?I know you can get around this by using a...
  This topic first appeared in the Spiceworks Community

• Outlook refuses to add another exchange account on the same computer on another Local User Account

  So at home I have a family computer with some computer accounts. 
  at two of them, I installed Outlook 2013. On the first one, I added a existing Exchange account, and everything went well.
  but when I tried adding another existing Exchange account (on the same domain) Outlook displayed this message about 'not being able to set up a secure connection'. both the accounts existed and are working. 
  Is this because of the secure mail port (465) was already occupied? 
  what do I have to do?
  please help me!

  Hi,
  I understand that you setup one Exchange account on the first local account successfully, but failed to setup the second Exchange account on the second local account.
  As for the question "Is this because of the secure mail port (465) was already occupied? " I don't think it's the cause, but anyway, we can temporarily remove the first Exchange account from the first local account, and then try to add
  the second Exchange to the Second local account and see if the account can be configured successfully.
  I'd also like to know whether these accounts are local administrators or standard users, are the different permissions making a difference?
  If there's anything that I misunderstood, please feel free to let me know.
  Regards,
  Melon Chen
  TechNet Community Support
  It's recommended to download and install
  Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office
  programs.

• Two iPods, One computer, Different Login accounts

  Hi. I've had my iPod Mini for about two years now and my mother just bought one for herself. On our computer we use different login accounts which is basically just different settings. So iTunes has it's own library on each account and we can add songs to the different libraries.
  But when we try and update my mother's iPod, we go to click 'Update iPod', but it is greyed out. Is there any way around this or can we only use one iPod on the whole computer, despite the different accounts.

  Check this out.
  Multiple iPods on one computer
  http://docs.info.apple.com/article.html?artnum=300432
  Mort

• Can not log into server computer with any accounts - "You are unable to login to the user account "abcdefg" at this time. Logging in to the account failed because an error occurred."

  I have a Mac mini running the latest version of OS X and Server. Been running fine and flawlessly. However, I had a strange problem with the iCloud preferences panel crashing when I tried to access it, so I rebooted. Now I can not log into the system with any accounts. My master admin account (along with all the others) gives me the error:
  You are unable to login to the user account "abcdefg" at this time. Logging in to the account failed because an error occurred."
  I am able to see the server from other macs and I can log into it using the same account, but it only shows me a few of the shared folders I have access to but NOT to my main directories.
  Rebooting into Command-R and doing a disk utility, I try and repair permission on that drive and get a bunch of errors like:
  ACL found but not expected on Users
  Repaired "Users"
  ACL found but not expected on Users/.localized
  Repaired "Users/.localized"
  ACL found but not expected on Users/Shared
  Repaired "Users/shared"
  ACL found but not expected on Users/Shared/.localized
  Repaired "Users/Shared/.localized"
  Permissions repair complete.
  But rebooting is no joy...same problem. Any idea what is going on or how to repair it? Should I do a time machine restore? Complete new OS X install? Any idea what is causing this or how to salvage it?

  Got everything to re-install and it worked fine...for a few hours. Then I came in to find ALL of my network users deleted. Just GONE. Then found out the Open Directory was trashed and was unable to open, recover or restore from a backup. Looks like I may have a bad drive here.
  I installed a new drive in the system, re-installed and so far (for a couple of hours anyway) the system seems to be working and stable.

• Pwpolicy won't disable a local user account login!

  Hello everyone. I have two macs. One mac is running OS 10.4, the other is 10.5. Neither of these computers are remotely managed nor are they bound to an open directory server. I have one local administrative account on each computer I want to leave on the computer but disable login access. I'm trying to use the command:
  pwpolicy -a shortNameOfAdministratorAccount -u shortNameOfAccountToChange -setpolicy "isDisabled=1"
  When I enter this in the terminal it asks for my administrative password for the account specified in shortNameOfAdministratorAccount. Once I enter it and press return the command returns no errors, just returns to the prompt. However, I can go back to the login window, click on the account I'm trying to disable, type in the password, and I can log in. I've tried running this command under different accounts, a root shell, etc.... Nothing seems to work. Any suggestions? Thanks.

  xnav wrote:
  I get this:
  Path:~$pwpolicy -n /Local/Default -getglobalpolicy
  usingHistory=0 canModifyPasswordforSelf=1 usingExpirationDate=0 usingHardExpirationDate=0 requiresAlpha=0 requiresNumeric=0 expirationDateGMT=12/31/69 hardExpireDateGMT=12/31/69 maxMinutesUntilChangePassword=0 maxMinutesUntilDisabled=0 maxMinutesOfNonUse=0 maxFailedLoginAttempts=0 minChars=0 maxChars=0 passwordCannotBeName=0 requiresMixedCase=0 requiresSymbol=0 newPasswordRequired=0 minutesUntilFailedLoginReset=0 notGuessablePattern=0
  Re. Tiger working without server, see [this|http://lists.apple.com/archives/fed-talk/2007/Dec/msg00035.html]. You may want to try the global query using 'sudo'.
  You get that without sudo, though?
  Interesting link. However,
  sudo pwpolicy -n /NetInfo/DefaultLocalNode -getglobalpolicy
  Password:
  *Error: eDSInvalidRecordName : (-14133) for dsDoDirNodeAuth
  Method = dsAuthMethodStandard:dsAuthGetGlobalPolicy
  /NetInfo/DefaultLocalNode
  - cfr

• An account failed to log on unknown username or password. Causing Login audit failures

  I have a SBS11 Essentials server that is getting audit Failures over and over again. There computer account says it's the SBS11 server it's self.  It says unknown user name or bad password. I have checked for scheduled tasks, backup jobs, services and
  non of them are using any special user accounts.  I have used MS network monitor and can't find anything helpful to lead to the issue.  All computers in the network are running Windows 7.  The domain functional level is 2008 R2.
  I get a the 4768 event ID about a Kerberos event and then just after I get a Event ID 4625 account failure with Logon Type 3.  I have includes the events below.  I need to figure what is causing the audit failures as my GFI Test Hacker alert is
  catching it every morning.  Disabling the Test Hacker alert is not a option.  I have used Process Explorer also but can't seem to pin it down.  I also enabled Kerberos logging.
  http://support.microsoft.com/kb/262177?wa=wsignin1.0.  All event codes state its a unknown or no existing account but how do I stop it from happening?
  This is from the System Event log
  A Kerberos Error Message was received:
  on logon session TH.LOCAL\thsbs11e$
  Client Time:
  Server Time: 14:59:53.0000 3/4/2014 Z
  Error Code: 0x6 KDC_ERR_C_PRINCIPAL_UNKNOWN
  Extended Error:
  Client Realm:
  Client Name:
  Server Realm: TH.LOCAL
  Server Name: krbtgt/TH.LOCAL
  Target Name: krbtgt/[email protected]
  Error Text:
  File: e
  Line: 9fe
  Error Data is in record data.
  This is from the Security Event log
  A Kerberos authentication ticket (TGT) was requested.
  Account Information:
  Account Name: S-1-5-21-687067891-4024245798-968362083-1000
  Supplied Realm Name: TH.LOCAL
  User ID: NULL SID
  Service Information:
  Service Name: krbtgt/TH.LOCAL
  Service ID: NULL SID
  Network Information:
  Client Address: ::1
  Client Port: 0
  Additional Information:
  Ticket Options: 0x40810010
  Result Code: 0x6
  Ticket Encryption Type: 0xffffffff
  Pre-Authentication Type: -
  Certificate Information:
  Certificate Issuer Name:
  Certificate Serial Number:
  Certificate Thumbprint:
  Certificate information is only provided if a certificate was used for pre-authentication.
  Pre-authentication types, ticket options, encryption types and result codes are defined in RFC 4120.
  I then get teh following error in the next event
  An account failed to log on.
  Subject:
  Security ID: SYSTEM
  Account Name: THSBS11E$
  Account Domain: TH
  Logon ID: 0x3e7
  Logon Type: 3
  Account For Which Logon Failed:
  Security ID: NULL SID
  Account Name:
  Account Domain:
  Failure Information:
  Failure Reason: Unknown user name or bad password.
  Status: 0xc000006d
  Sub Status: 0xc0000064
  Process Information:
  Caller Process ID: 0x25c
  Caller Process Name: C:\Windows\System32\lsass.exe
  Network Information:
  Workstation Name: THSBS11E
  Source Network Address: -
  Source Port: -
  Detailed Authentication Information:
  Logon Process: Schannel
  Authentication Package: Kerberos
  Transited Services: -
  Package Name (NTLM only): -
  Key Length: 0
  This event is generated when a logon request fails. It is generated on the computer where access was attempted.
  The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
  The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
  The Process Information fields indicate which account and process on the system requested the logon.
  The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
  The authentication information fields provide detailed information about this specific logon request.
  - Transited services indicate which intermediate services have participated in this logon request.
  - Package name indicates which sub-protocol was used among the NTLM protocols.
  - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

  Well I opened the case for him and he never followed up with Microsoft :-(
  It's a kerberos issue, we're told to ignore it.  Would you be willing to be patient and stubborn and work with CSS to at least understand what's going on better?  I can tell you it's normal with Essentials but not the exact technical reason it's
  happening.
  Unfortunately TechNet isn't coming back, sorry folks :-(

• Msiexec /qn fails when its not run using the built-in local administrator account

  Hello all,
  I am working on a project where I am trying to automate the deployment of VMs through a self-service portal.
  Among other tasks such as clone VM, sysprep it, assign an IP, create AD computer object, join VM to domain and so on..., i need to install a few applications using msiexec, which is driving me crazy...
  For this purpose, I am using a local user account part of the administrators group.
  Please note, UAC is disabled on all the OS.
  Basically, the msi installation works as expected on Windows 7 machines, however on Windows 8/2012, it fails due to lack of permissions. The curious thing is that if I use the built-in\administrator account instead for the deployment on those systems, the
  application is installed correctly.
  I have tested some things such as: DisableMSI (http://msdn.microsoft.com/en-us/library/aa368304%28v=vs.85%29.aspx), but although it progresses a bit further, it keeps failing.
  Does anyone know what I can do to allow an user part of the administrators local group to be able to install using msiexec /qn?
  Thanks in advance.

  Hi,
  Does it work if you use the account in local admin, and run the commands prompt as administrator to install the msi file? Please know that Only the built in administrator account has admin privilege by default. On other admin accounts you need
  to run with elevated privilege (ie runas).
  I would like to know if you use SCCM to perform your deployment with task sequence.
  As I known, even if you disable UAC, the following policy is still enabled to detect application installation.
  Computer configuration\Windows settings\Security Settings\Local
  Policies\Security Options -> User Account Control: Detect application installations and prompt for elevation policy
  Please disable this policy to see if your issue can be fixed. 
  Kate Li
  TechNet Community Support

• Main account fails to login

  I am using a G4 iBook running OS X 10.4.10. I have already run repair permissions and the automated maintenance of Onyx.
  The main account I use, which is not an admin account, fails to login. My wife's account and the admin account both still works. What happens is that I select the account and type in the password. When I hit enter the password is highlighted and the "log in" and "back" buttons become disabled. However, the loading bar does not appear at all and no logging in happens. I have noticed that I can still re-enter the password but the buttons are still disabled. I have the restart the computer to get back to the login screen.
  This problem began immediately after the computer suddenly turned off while I was browsing the iTunes store.
  Message was edited by: Robert Monroe

  Two things to try, Robert. Go to System Preferences > Accounts and see if there is anything strange in your Login Items.
  Then boot from your Mac OS X install DVD and go to Disk Utility and run repair disk. You've already correctly run repair permissions (you do this while booted from your internal HD). But you have to boot from your install DVD to run repair disk. Somethin in your Mac's directory might have been disturbed when the computer suddenly turned off while you were using it. Repair disk is capable of fixing some of these problems.
  Regards,
  Steve M.

• RDS 2012 R2 - How do I lockdown access to Local Computer Management and Windows Backup via Group Policy

  Greetings all,
  I am needing assistance in how to lockdown access to Local Computer Management and Windows Backup via Group Policy for users that access RDS service. I have followed this awesome guide - h t t p://w w w.it.ltsoy.com/windows/lock-down-remote-desktop-services-server-2012/
    - but it is missing two important resources that I would like to lock down.Currently, I have successfully locked down Control Panel for users via Group Policy, but I cannot find any group policy or guide on how to restrict user access
  to Computer Management (different to Server Manager). When using Win-X shortcut to open the 'Administrator's shortcuts' near the windows icon, I have locked down everything except Computer Management. Computer Management gives direct access to Disk Management,
  Shares etc, which are locked down for users. But Windows Server Backup is still accessible. Can someone please guide me on how to restrict access to both Computer Management and Windows Server Backup.
  Thanks in advance.
  Terry.

  Prevent running of Windows Server Backup
  Computer Configuration\Policies\Windows Settings\Security Settings\File System
  Right click on File System - Add File - Drill down to \System32\wbadmin.msc
  On the Database Security ACL that pops up - Remove Creator Owner, Remove Users and check Adminstrators have Full Access.
  On the Object window - choose Propagate inheritable permissions to all... (Default)

• What is the difference between using the command "dsmgmt" and the "Managed By" tab when adding users to the local administrators Account on a Read-Only Domain Controller?

  When I use the
  "dsmgmt" command to add a user to the local administrators account of a RODC I can actually see the user when I use the "Show Role Administrators" parameter. However, I can't see the members of the
  group added to the "Managed By" tab of the RODC object in AD. Even though, the users added using
  "dsmgmt" and by the "Managed By" tab can all log in locally and have admin rights to the RODC. Are there any differences between these two ways of adding users to the local administrators account? 

  Hi,
  For groups, managedBy is an administrative convenience to designate “group admins”. Whatever principal listed in
  managedBy gets permission to update a group’s membership (the actual security is updated on the group’s AD object to allow this).
  In Win2008 and later managedBy also became the way you delegated local administration on an RODC, allowing branch admins to install patches, manage shares, etc. (http://technet.microsoft.com/en-us/library/cc755310(WS.10).aspx). 
  On the RODC, this is updating the RepairAdmin registry value within RODCRoles.
  So the difference between them should be only the way they do the same thing.
  For more details, please refer to the below article:
  http://blogs.technet.com/b/askds/archive/2011/06/24/friday-mail-sack-wahoo-edition.aspx
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Can't login on iMac to Local Network accounts on server

  I'm a volunteer at the Marjorie P Lee retirement community. We had two iMacs that were available for residents to use. We recently bought two more iMacs and a Mac Mini Server. The goal is to make it possible for residents to use any of the computers and have their files available.
  I have set up the server and did the updates so the machine is running 10.9.4 and the latest update of the server software. I have enabled Open Directory and created a couple of Local Network User accounts for testing. I also enabled file sharing and Time Machine backups.
  One of our older iMacs is running OS X 10.6.8. On this iMac, I went to the Users & Groups pane and under Login Options I connected to the Network Account Server. I got the green dot indicating that the connection was successful. I then enabled network logins. This worked; I am now able to login on this iMac to the local network accounts on the server.
  I did exactly the same thing on one of our brand new iMacs. Again I got the green dot indicating a successful connection to the server. Unfortunately I have been unable to login to the local network accounts from this machine. When I try to login, the password shakes as though I had entered the wrong password.
  What do I need to do to fix this?
  Thanks for any help you can provide.
  ~~Dan

  Most likely your Imac is using g or n to broadcast wirelessly while your router is using b.  Solution update your router.
  Greetings from Northern Ontario, Canada

• Cannot Retrieve referenced URL in wscript file from Local System Account, but not other accounts on the computer.

  Hello,
  I have a WScript File that includes an external resource (js file).
  It works on one computer and it does not work on another computer.
  If I run this file from a normal admin command prompt everything runs fine on both computers.
  If I run this file from the Local System account using PsExec it runs fine on one of the computers and throws an error "Cannot Retrieve referenced URL" on the other computer.
  The reason I want it to run from the Local System account is that it is executed from a Windows Service.
  Is there some setting or some way for the IE cache to get corrupt on the Local System account or something like that?

  JRV,
  You are by far the worst 'support' person I've ever seen. If you aren't going to be thoughtful in providing support, don't pretend. If you're going to pretend, leave your condescension on the shelf. You have provided no thoughtfulness whatsoever to his issue,
  and have in no way improved the discourse. You are arrogant and condescending without exhibiting any intelligence whatsoever. I'm impressed Matt kept calm through your demeaning, counterproductive diatribes.
  Matt,
  First I'd check UAC settings, because I believe that can change how elevation works substantially.
  Second, I would check the versions of wscript.exe on both machines, both in System32 and SysWow, and I'd check for updates bypassing WSUS to make sure there's not something silly going on there (totally a shot in the dark, catch-all theory).
  Have you made any headway in the last few weeks?
  -John
  This is not a support forum and it is not for assistance in fixing broken configurations.  It is a scripting forum. The OP proved that the issue is not the script but the environment it is running in.  You should not get mad just because you are
  not getting satisfaction.
  ¯\_(ツ)_/¯

• I can no longer use all of the "Computer Management" tools against a remote computer. "Local Users and Groups", "Event Viewer", "Performance Logs and Alerts" and "Device Manager"

  Hello All,
  I can no longer use all of the "Computer Management" tools against a remote
  computer. "Local Users and Groups", "Event Viewer", "Performance Logs and
  Alerts" and "Device Manager"
  kindly see the below snapshot for assistance
  REGARDS DANISH DANIE

  This link may help....
  http://windowsxp.mvps.org/admintools.htm
  Freeman

• I try to authorize my computer and when i login i was told to review my account but i also dont have a visa or a credit card so how can i skip it ?

  i try to authorize my computer and when i login i was told to review my account  but i also dont have a vice or a credit card so how can i skip it ?

  Not it. Thanks. I tried it, so thanks for the tip, but I get the same error message. That I need to authorize this computer to get the purchases. I guess it's not really an error message. But It will not let me proceed any further. Once again I have deauthorized and this is the only computer that is authorized for this account.
  Then
  Then and last
  Pretty annoying. Any ideas?