Allowing user to logon locally to WIndows 2003 Server

G

Guest

I have a Windows 2003 Server Standard Edition which is also the domain
controller. I want to allow a user to log on to the local machine. I first
tried to enable this through the Domain Security Policy as follows:

- Start, Admin Tools, Domain Security Policy
- Locate Security Settings, Local Policies, User Rights, Allow log on locally
- Tick Define these policy settings and add the user to the list.

This however didn’t seem to make any difference. I then looked into the
Local Computer Policy and found that certain groups were already defined for
this setting (Allow log on locally). I can assign the user to one of these
groups (e.g. Server Operators) and they can logon. However, I cannot click
the Add User or Group button because as it is disabled. I don’t want to add
the user to Server Operators as they get rights that are not appropriate.

Therefore I need to how to make the Domain Security Policy override the
Local Computer Policy, OR how to add a user account to the local computer
policy.

I am logged on as the Administrator
 
M

Mark Renoden [MSFT]

Hi David

I think you want to add the user or group of users to the "Allow log on
locally" user right at the Default Domain Controller Policy instead of the
Default Domain Policy.

HTH
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.
 
G

Guest

Thanks Mark that worked. The only confusing bit is that it takes a few
minutes for the change to come into effect which I didn't expect as all of
this was taking place on the actual domain controller itself.

Mark Renoden said:
Hi David

I think you want to add the user or group of users to the "Allow log on
locally" user right at the Default Domain Controller Policy instead of the
Default Domain Policy.

HTH
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.

David said:
I have a Windows 2003 Server Standard Edition which is also the domain
controller. I want to allow a user to log on to the local machine. I first
tried to enable this through the Domain Security Policy as follows:

- Start, Admin Tools, Domain Security Policy
- Locate Security Settings, Local Policies, User Rights, Allow log on
locally
- Tick Define these policy settings and add the user to the list.

This however didn't seem to make any difference. I then looked into the
Local Computer Policy and found that certain groups were already defined
for
this setting (Allow log on locally). I can assign the user to one of these
groups (e.g. Server Operators) and they can logon. However, I cannot click
the Add User or Group button because as it is disabled. I don't want to
add
the user to Server Operators as they get rights that are not appropriate.

Therefore I need to how to make the Domain Security Policy override the
Local Computer Policy, OR how to add a user account to the local computer
policy.

I am logged on as the Administrator
Click to expand...
Click to expand...
 
J

John Negus

Domain Controllers check and apply group policy settings every five
minutes. It you want settings to apply quicker than that use GPUPDATE
/FORCE.

--
John Negus
MSEtechnology
--



David said:
Thanks Mark that worked. The only confusing bit is that it takes a few
minutes for the change to come into effect which I didn't expect as
all of
this was taking place on the actual domain controller itself.

Mark Renoden said:
Hi David

I think you want to add the user or group of users to the "Allow log
on
locally" user right at the Default Domain Controller Policy instead
of the
Default Domain Policy.

HTH
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to
email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no
rights.

David said:
I have a Windows 2003 Server Standard Edition which is also the
domain
controller. I want to allow a user to log on to the local machine.
I first
tried to enable this through the Domain Security Policy as follows:

- Start, Admin Tools, Domain Security Policy
- Locate Security Settings, Local Policies, User Rights, Allow log
on
locally
- Tick Define these policy settings and add the user to the list.

This however didn't seem to make any difference. I then looked into
the
Local Computer Policy and found that certain groups were already
defined
for
this setting (Allow log on locally). I can assign the user to one
of these
groups (e.g. Server Operators) and they can logon. However, I
cannot click
the Add User or Group button because as it is disabled. I don't
want to
add
the user to Server Operators as they get rights that are not
appropriate.

Therefore I need to how to make the Domain Security Policy override
the
Local Computer Policy, OR how to add a user account to the local
computer
policy.

I am logged on as the Administrator
Click to expand...
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Logon locally 3
Incorrect GPResult result 3
Logon Locally 3
Cannot Logon Locally 2
GPO on Domain controllers OU for-Logon Locally 1
can't logon locally 3
Cannot logon to "(local machine)" 11
GPO not working for DC to logon locaally 1

Top