Why do I receive the error message "You may not remove the local logon right from the Administrators local group" when I edit user rights?

A. Before Microsoft developed the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in, administrators used the User Manager for Domains tool to manage user accounts. You might still have a need to administer a Windows NT 4.0 domain from Windows 2000 or NT 4.0 clients, which can lead to problems when you try to add or remove user accounts from the "Grant To" list in the User Rights Policy dialog box and result in the following error:

You may not remove the local logon right from the Administrators local group. Doing so will disable all local administration of this computer.

This error can result from the following conditions:

  • A Win2K Professional installation is running the NT 4.0 Administration Tools. Win2K machines must run the Win2K Administration Tools (i.e., adminpak.msi) that come with Win2K Server.
  • The "Grant To" list you're attempting to modify contains a deleted user or group. To resolve this problem, you must log on to the PDC of the NT 4.0 domain and use the local User Manager for Domains tool to remove the deleted account or group from the "Grant To" list.
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish