Recently I took custody over an IT system and unfortunately, the previous admin was not really an expert – I expected some problems with implementation of best practice.
Anyway, I found this problem: after deleting some stupid settings in Default domain policy, I was not able to login to domain controllers. The login (it was the same if I tried to login locally or thru RDS) showed me only clean blue screen, without any icon, without start menu and other content. The first approach was trying with CRTL + ALT + DEL and launch Task manager where I wanted to start Explorer. Well, also Task manager didn’t work.
When I exanimated what I did previously (what could be the cause of this error) I found that I removed some settings form default domain policy (in my case it was the setting that allowed Domain admins to act as a part of OS – I didn’t even try to restore it ). Here, I suspected that it could be a security problem and I run two commands remotely using PSexec:
Net localgroup Users Interactive /add
Net localgroup Users “Authenticated Users” /add
Unexpectedly this solved my problem also if local groups are disabled on DC.
Hope that it will help someone.
About me
I am working in IT for more than 10 years, concerning most of my time with small companies. A result of this work is a good knowledge of problems and products used in that companies, like Windows Small Business Server, System Center Essentials, Windows OS ecc.
I lead a Slovenian SBS Community on Microsoft, I am Microsft MVP for Cloud and Datacenter (2012 – 2018).
In my privat life I like listen to rock music, archery and constructing biiig houses with Lego cubes – of course with my son!