Remote user received a "deny log on locally" policy - and is now locked out

Similar Messages

• HT201210 Before updating ios on my ipad I didn't have a passcode. It now wants me to log in a code. I tried one I used previously, then 0000 but am now locked out and my ipad is disabled!

  Before updating ios on my ipad I didn't have a passcode. It now wants me to log in a code. I tried one I used previously, then 0000 but am now locked out and my ipad is disabled!

  Forgot password or device disabled
  http://support.apple.com/kb/ht1212

• How to allow user to select pdf file on local machine and populate field with file name only

  Folks,
  I have a project requirement that I am stumped on.  I am admittedly a novice, so forgive questions that may seem obvious.
  My requirement is a form running on a client system where the user can click a button and select a PDF file name from a PDF on their local machine and then populate a form field with that file path & filename.  The file names vary between all machines, so there is no static list.  Note that the PDF is not embedded, nothing is executed, I simply need the file name.
  There are several of these on a form (20+), so manual name entry is too error prone.   I would like to use a 'browse' type dialog, but can not figure out how to implement it.
  I've looked at app.browseForFile, but the users can not install a javascript file in their adobe folder or any other files;  the functionality has to be integral with the original PDF. 
  Functionally, this is no different from the image object file browse, except that I need a PDF instead of an image file, so there doesn't seem like there should be a security issue that is any different from those surrounding the image object.
  I've been stumped on this for the entire week, and I have a deadline rapidly approaching, so any examples or suggestions (please remember I'm a novice) would be greatly appreciated! 

  Thanks for the reply Paul - do you have any sample code of how to attach the PDF?  Or how the user can select a PDF to open?  I might be able to attach it, retrieve the file name, and then un-attach it.
  Alternatively, do you know how to retrieve the file name from the imagePath object?  It will let you select PDF files, but I can't find info on how to retrieve the file name.   It should be the way you would retrieve the file name for an image.
  As a novice in this, thanks for your help and patience!

• Office 2010 & 2007 - Excel and Access File Locking Out On the Network With Multiple Users

  This is also posted in the Office 2010 - IT Pro General Discussions, but was suggested to repost here, since a definitive answer was not found.
  Hi,
  An issue that's happening is that Excel and Access files are locking on the network. We're currently using Office 2007 and 2010.
  Here are some different scenarios that are happening:
  When opening the file it is locked out by “User X” which is the person that has the file locked out and no one else can open the file.
  When opening the file it is locked out by “User Y” which is NOT the actual person, but is locked out by “User X” and no one else can access the file.
  When opening the file  it is locked out by “…another user” which is generic and no one else can access the file.
  The two more common events are incident 1 and 2 with 3 happening the less common.
  This message will continue until the sessions are closed through computer management on the file server.
  The file server is running Windows Server 2003.
  This does happen on both Windows XP and Windows 7 clients.
  This does happen for users using Office 2007 and Office 2010.
  There are two sets of Office 2010 Users when it comes to patches. Everyone has the most current patches with Office 2010 SP2 while anyone that has Microsoft Project 2010 is using all the current update before Office 2010 SP2.
  All users that are using Office 2007 have all the current patches and service packs.
  Another variable is that we have users that will leave a file open on the network for 3+ days and after a while it will lock the file out.
  Also we have Shadow Copy that runs daily on the system which I'm not for sure if that impacts anything if a file is opening during that time.
  Any ideas on how to mitigate the lock out issues would be appreciated.
  Thanks,
  Binary Process
  Edit November 12, 2013: This issue can occur if and if not another person actually has the file open. If the person doesn't have the file open then there is a hung connection which needs to be disconnected by going to the Computer Management of the File
  server.

  Hi Binary,
  I know that the description of the hotfix does not relate to the issue. The purpose is to install it for upgrading SMB related file.
  A similar issue I encountered before:
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/b7fcc59b-52d9-4a02-863a-1a529bcb8cb1/temp-doc-etc-files-dont-close-after-a-file-closes-this-causes-locked-files?forum=winserverfiles
  It is resolved by upgrading SMB files so maybe it will help on your case.
  Another hotfix which may related:
  http://support.microsoft.com/kb/983458
  If you have any feedback on our support, please send to [email protected]

• I am trying to reinstall an admin password and got completely locked out. I can't get past the first log in

  I am trying to reset my admin password.  I think my computer was tampered with. I signed out completely and now, I am locked out.  I can't get past a black screen. I'm unsure of my operating system but I've had laptop about 2 years.

  If you boot from your install DVD and, after choosing language, go up to the Apple bar and select utilities, you can restore you admin and firmware psswds. You will these options there. Do not choose a firmware psswd if you do not need this, you may complicate your life, especially if you forget it.
  I do not understand how you changed the psswd and why you cannot log in, though. Did you forget the new psswd or why? What do you mean by ‘was tampered with’?

• I cannot verify my Apple ID. I keep getting the error that the email is in use by another user. I can log into the store and use Itunes without issue. But I cannot manage my Id. Any suggestions?

  When I try to log into Apple ID I get this message.
  I have not recieved a verifcation email and nothing is recieved when I resend it.
  The email address is correct and I use it daily.
  After I get this error message I can proceed no further with managing my ID
  Please Help!
  Verify your email address.
  A verification email was previously sent to [email protected] We can resend the verification email to the same address, or if this address is incorrect you can change your Apple ID and email address.
  Verify your email address.
  A verification email was previously sent to [email protected]. We can resend the verification email to the same address, or if this address is incorrect you can change your Apple ID and email address.
  Apple ID and Primary Email Address
  Email address is already verified for another Apple ID

  It may not be particularly helpful to you but I would not be surprised if the message number 2 refers to the verification you did that attracted message number 1.
  Just a thought.

• I'm trying to log intoi Facebook after I've been hacked, changed password did antivirus scan and I'm locked out

  I was on facebook and it was hacked. I notified facebook and deleted all remembered passwords in the system and ran anti-virus. Ever since then I've been unable to log onto facebook. Is this a problem with firefox or with face book itself? When I try to login using firefox I get www.facebook..com/checkpoint and doesn't go any further. I've changed my password and still cannot get into fb.

  I kind of thought that was the problem but can't seem to get anything from FB. I appreciate your quick response. Flip

• When you text someone from imessage and it says delivered..does this mean that the other person received the message already through their ipod and a notification pops out?

  im just wondering if the person im texting using imessage actually received my message when it says delivered..doesnt mean they read it but does it mean it applies the fact they can c the msg alrd like their ipod touch has received the msg and can b seen tru notification as well

  A red check means the text wasn't sent (maybe the number has been changed, they have texts blocked, there was a network problem).

• I have an ipad which I received from my fiancee' who passed away.  I used it for a year with my own ID.  I decided to have it cleared so that I could download apps.  I am now locked out . I have his ID no pswrd, suggestions? Genius bar no help

  Cannot activate ipad because myy fiance' who passed away had it connected to find my iphone and cloud
  I have his ipad ID but not his mail password.  I cannot get past security questions such as what was your first car, etc.
  No help from the Genius Bar at Orlando Millenia Mall or call to Apple Care.
  Any suggestions?
  I was using this for a year without problems until I decided to have it wiped and get my name on account for downloads from Itunes.

  iCloud: Find My iPhone Activation Lock in iOS 7
  http://support.apple.com/kb/HT5818
   Cheers, Tom

• I upgraded to IOS8 on my iPad2. I cannot log in on my password. I am now locked out.

  I upgraded my iPad 2 to IOS 8. It was working fine. I went in to Accessibility and turned on Speech (Speak Auto-text). I can't turn it off. It froze and I could not turn it off. I rebooted many times but can't get past the 4digit sign in I implemented. It will not recognize my password. I connected my iPad to my Mac and went to iTunes .
  It said I needed to disable find my iPad. I went to iCloud.com and deleted my iPad off my account. How can I resolve getting past my password?

  FORCE IPAD INTO RECOVERY MODE
  1. Turn off iPad
  2. Turn on computer and launch iTunes (make sure you have the latest version of iTune)
  3. Plug USB cable into computer's USB port
  4. Hold Home button down and plug the other end of cable into docking port.
  DO NOT RELEASE BUTTON until you see picture of iTunes and plug
  5. Release Home button.
  ON COMPUTER
  6. iTunes has detected iPad in recovery mode. You must restore this iPad before it can be used with iTunes.
  7. Select "Restore iPad"...
  Note:
  1. Data will be lost if you do not have backup
  2. You must follow step 1 to step 4 VERY CLOSELY.
  3. Repeat the process if necessary.

• Domain Admin locked out of local logon

  I have a customer we just took over for. They have an existing issue where the domain administrator cannot log in locally to the DC. I've looked through all their GPOs and cannot find any instance of the domain admin groups being specially being denied this
  right. In fact, it says right in the DC GPO that domain admins have the rights for local log in yet I can't seem to log in. Remote desktop works fine and that is how I've been accessing their DC but I cannot find an answer to this problem. Any ideas? 

  Policy Computer Setting
  Source GPO
  Access Credential Manager as a trusted caller
  Not Defined
  Access this computer from the network kcengr\IWAM_DELL-OFV7446Y6N,Everyone,kcengr\IUSR_DELL-OFV7446Y6N,kcengr\IWAM_DELL-OFV7446Y6N,Administrators,Authenticated Users,ENTERPRISE DOMAIN CONTROLLERS,Pre-Windows 2000 Compatible
  Access,kcengr\IUSR_DELL-OFV7446Y6N,kcengr\IIS_WPG
  Default Domain Controllers Policy
  Act as part of the operating system kcengr\bkupexec
  Default Domain Controllers Policy
  Add workstations to domain Authenticated Users
  Default Domain Controllers Policy
  Adjust memory quotas for a process NT SERVICE\MSSQL$SCANMAIL,IIS APPPOOL\Classic .NET AppPool,kcengr\IWAM_DELL-OFV7446Y6N,LOCAL SERVICE,NETWORK SERVICE,kcengr\IWAM_DELL-OFV7446Y6N,Administrators,IIS APPPOOL\DefaultAppPool,NT
  SERVICE\SQLAgent$SCANMAIL Default Domain Controllers Policy
  Allow log on locally kcengr\IUSR_DELL-OFV7446Y6N,Administrators,Backup Operators,Account Operators,Server Operators,Print Operators,kcengr\IUSR_DELL-OFV7446Y6N,kcengr\IIS_WPG
  Default Domain Controllers Policy
  Allow log on through Remote Desktop Services
  Not Defined
  Back up files and directories Administrators,Backup Operators,Server Operators
  Default Domain Controllers Policy
  Bypass traverse checking NT SERVICE\MSSQL$SCANMAIL,Everyone,Administrators,Authenticated Users,Pre-Windows 2000 Compatible Access,NT SERVICE\SQLAgent$SCANMAIL
  Default Domain Controllers Policy
  Change the system time Administrators,Server Operators,LOCAL SERVICE
  Default Domain Controllers Policy
  Change the time zone Not Defined
  Create a pagefile Administrators
  Default Domain Controllers Policy
  Create a token object kcengr\bkupexec
  Default Domain Controllers Policy
  Create global objects Not Defined
  Create permanent shared objects Default Domain Controllers Policy
  Create symbolic links Not Defined
  Debug programs Administrators
  Default Domain Controllers Policy
  Deny access to this computer from the network
  kcengr\SUPPORT_388945a0 Default Domain Controllers Policy
  Deny log on as a batch job Default Domain Controllers Policy
  Deny log on as a service Default Domain Controllers Policy
  Deny log on locally kcengr\SBS Remote Operators,kcengr\SUPPORT_388945a0,kcengr\SBS STS Worker
  Default Domain Controllers Policy
  Deny log on through Remote Desktop Services
  Not Defined
  Enable computer and user accounts to be trusted for delegation
  Administrators Default Domain Controllers Policy
  Force shutdown from a remote system Administrators,Server Operators
  Default Domain Controllers Policy
  Generate security audits LOCAL SERVICE,NETWORK SERVICE,IIS APPPOOL\Classic .NET AppPool,IIS APPPOOL\DefaultAppPool
  Default Domain Controllers Policy
  Impersonate a client after authentication Not Defined
  Increase a process working set Not Defined
  Increase scheduling priority Administrators
  Default Domain Controllers Policy
  Load and unload device drivers Administrators,Print Operators
  Default Domain Controllers Policy
  Lock pages in memory Default Domain Controllers Policy
  Log on as a batch job kcengr\bkupexec,kcengr\IWAM_DELL-OFV7446Y6N,LOCAL SERVICE,kcengr\IUSR_DELL-OFV7446Y6N,kcengr\IWAM_DELL-OFV7446Y6N,kcengr\IIS_WPG,kcengr\SUPPORT_388945a0,kcengr\IUSR_DELL-OFV7446Y6N,kcengr\IIS_WPG,IIS_IUSRS
  Default Domain Controllers Policy
  Log on as a service kcengr\Administrator,NT SERVICE\MSSQL$SCANMAIL,kcengr\SQLServer2005SQLBrowserUser$KC01,IIS APPPOOL\Classic .NET AppPool,kcengr\bkupexec,NETWORK SERVICE,IIS APPPOOL\DefaultAppPool,SYSTEM,NT SERVICE\SQLAgent$SCANMAIL
  Default Domain Controllers Policy
  Manage auditing and security log kcengr\Exchange Servers,kcengr\Exchange Enterprise Servers,Administrators
  Default Domain Controllers Policy
  Modify an object label Not Defined
  Modify firmware environment values Administrators
  Default Domain Controllers Policy
  Perform volume maintenance tasks Not Defined
  Profile single process Administrators
  Default Domain Controllers Policy
  Profile system performance Administrators
  Default Domain Controllers Policy
  Remove computer from docking station Administrators
  Default Domain Controllers Policy
  Replace a process level token NT SERVICE\MSSQL$SCANMAIL,IIS APPPOOL\Classic .NET AppPool,kcengr\IWAM_DELL-OFV7446Y6N,LOCAL SERVICE,NETWORK SERVICE,kcengr\IWAM_DELL-OFV7446Y6N,IIS APPPOOL\DefaultAppPool,NT SERVICE\SQLAgent$SCANMAIL
  Default Domain Controllers Policy
  Restore files and directories Administrators,Backup Operators,Server Operators
  Default Domain Controllers Policy
  Shut down the system Administrators,Backup Operators,Server Operators,Print Operators,SYSTEM
  Default Domain Controllers Policy
  Synchronize directory service data Default Domain Controllers Policy
  Take ownership of files or other objects Administrators
  Default Domain Controllers Policy
  I am using the domain administrator account to try and log on locally and I cannot see a reason within the DC's GP why it would be prevented. 

• Local Policy / Group Policy

  With 300 machines you are going to have to use GPO and not local policies. The scope is just way too large for going to each machine and doing the configAs for where and when to use Computer vs User GPO's, that's totally up to youYou should read the below:Computer Configuration in Group PolicyUser Configuration in Group PolicyWhat policies to apply will be in the scope of the desktop hardening so you will have to do your searches on that. Typically hardening would include security settings or some sort which will include password complexity, length and expiration right down to stopping the installation of executables on a machine.These policies will be different in each environment so you will have to do some homework about what GPO's need to be applied

  Hi Spiceheads,
  I have a question regarding local policy and group policy.
  I received a workstation hardening procedure but I need to apply this settings for 300 computers can I use group policy instead of local policy? if yes how and what option I need to select Computer Configuration of User Configuration?
  All 300 computers are connected to the same Domain.
  Thank you.
  This topic first appeared in the Spiceworks Community

• User settings reset and locked out of user folders ! How do I retreive?

  Hi everyone,
  I'm sure a number of people here on the forums have come across the problem with the blue tint that appears every now and then. It usually appears when connecting an external monitor after the you come back from the screen saver.
  Yesterday it happened for the first time without an external monitor connected. I have found a number of sites that have suggested using the command 'sudo chmod 664 *' within the Terminal. I have used it a couple of times to fix this problem but it did not work hence the reason it happened yesterday without a monitor connected. When I did use this command previously I first entered
  cd /library/colorsync/profiles/display
  When i did it for this occassion i forgot to enter the display folder first.
  After this I did a restart and all my user settings were reset and I was locked out of all my user folders. I lost all my desktop settings and everything was back to when I first started my computer.
  I did some hunting and found the command 'sudo chmod 777'. I tried this then did a reset and my desktop background returned and the folders were unlocked.
  What I want to know is if this is the correct command to bring everything back to normal?
  My user permissions in terminal are listed below
  Using the command sudo chmod 664 *
  drw-rw-r--+ 15 JoeBros staff 510 11 Jun 23:33 Desktop
  drw-rw-r--+ 19 JoeBros staff 646 22 May 20:44 Documents
  drw-rw-r--+ 46 JoeBros staff 1564 25 Jun 15:08 Downloads
  drw-rw-r--+ 45 JoeBros staff 1530 10 Jun 23:56 Library
  drw-rw-r--+ 4 JoeBros staff 136 1 Apr 19:19 Movies
  drw-rw-r--+ 38 JoeBros staff 1292 4 Apr 18:08 Music
  -rw-rw-r-- 1 JoeBros staff 92352512 29 May 18:20 Parallels-Desktop-5600-Mac-en.dmg
  drw-rw-r--+ 57 JoeBros staff 1938 25 Jun 16:02 Pictures
  drw-rw-r--+ 6 JoeBros staff 204 14 Jun 15:56 Public
  drw-rw-r--+ 5 JoeBros staff 170 26 Mar 00:59 Sites
  This is what is displayed after sudo chmod 777
  total 180376
  drwxrwxrwx+ 15 JoeBros staff 510 11 Jun 23:33 Desktop
  drwxrwxrwx+ 19 JoeBros staff 646 22 May 20:44 Documents
  drwxrwxrwx+ 46 JoeBros staff 1564 25 Jun 15:08 Downloads
  drwxrwxrwx+ 45 JoeBros staff 1530 10 Jun 23:56 Library
  drwxrwxrwx+ 4 JoeBros staff 136 1 Apr 19:19 Movies
  drwxrwxrwx+ 38 JoeBros staff 1292 4 Apr 18:08 Music
  -rwxrwxrwx 1 JoeBros staff 92352512 29 May 18:20 Parallels-Desktop-5600-Mac-en.dmg
  drwxrwxrwx+ 57 JoeBros staff 1938 25 Jun 16:02 Pictures
  drwxrwxrwx+ 6 JoeBros staff 204 14 Jun 15:56 Public
  drwxrwxrwx+ 5 JoeBros staff 170 26 Mar 00:59 Sites
  Does this look correct ??
  Any help would be great thanks

  I assume this access is open to everyone when I connecto any wireless network
  No necessarily, it depends whether you just changed your home folders and nothing else.
  But just your home folders present a problems as they should have extended attributes which are now removed. More on that later.
  Using one chmod to a directory affects all equally, though the files may have individually different permissions.
  I don't know how extensively you have altered the modes permissions, but from what you have shown in your first post your Home folders are incorrect.
  For your home folder, which is the default location when you start Terminal, and I dont think you have strayed from there, all the listings, except Parallels are folders, prefaced with the letter d. for folder.
  On my machine, for example, the pattern for the home folders all show
  drwx------@ 5 xxxxxx staff 170 25 Jun 06:07 Desktop
  normally that would be chmod 700 Desktop which will get you
  drwx------
  but note the @ which shows an extended attribute or ACL in Leopard.
  to write the ACL shown as @
  You will need to read
  man chmod about ACL MANIPULATION OPTIONS
  Personally, I think that playing around with chmod without a backup was not a good idea, and I wonder if your ambition has exceeded your knowledge. Sorry if that sounds tough, but a possible Archive and Install may be your safest path I think because what you have messed with was no small oops with a simple fix.
  You could just change those home folders to chmod 700 and see how it goes without the attribute, or bite the bullet and do an Archive and Install.
  I do not run parallels and so have no idea what is permissions should be.
  That Time capsule is starting to look pretty good now
  Message was edited by: roam2
  Message was edited by: roam2

• HT1414 Granddaughter received new  I pad air from school, entered password incorrectly and unable to remember word, locked out of start up.

  Granddaugter received new I Pad Air from school, appears to have put a password incorrectly into the system and can't remember the word.  Now lock out.  Is there a way of over coming this problem.

  Nothing you can do.  The School will have to restore it and input their Apple ID and password to unlock it. 
  If you restore it, you'll engage Activation lock and unless you know the password for the associated Apple Id you won't be able to do anything else.

• How to get a list of Local Users who has not logged in for 3 months or around 90 days

  hi
  i found this thread to pull out a list of local users
  Retrieve all local user accounts information on remote computers (PowerShell)
  however, i need to filter out users who has not logged in for 3 months or around 90 days, how can i do further filtering?
  i understand dsquery has an -inactive <xweeks> , however i am doing it for local accounts

  $ErrorActionPreference = "silentlycontinue"
  $([ADSI]"WinNT://$env:COMPUTERNAME").Children | where {$_.SchemaClassName -eq 'user' -and $_.lastLogin -gt (Get-Date).AddDays(-90)} | ft name,lastlogin
  using the sample from the link extendend with the 90 days criteria, the erroraction preference surpresses the errors you get for accounts with no lastlogon value (guest being a typical one)