GPO for Local accounts on DC

ovvy

I created a group policy in my Domain controllers OU
called log_on_locally. This policy will allow some
accounts to logon locally so that they can install
software etc on my Domain controllers without having the
admin rights. I added the group to logon locally rights
permissions in the Computer configuration-windows Settings-
Security Settings-Local Policies.

However the particular user still cannot log in and is having
this error

"The Local policy of this system does not allow to login
interactively." I checked gpresults and this is what I got

Local Policy
logon_locally
default domain controllers Policy
default domain Policy
Does it mean that my Logon_locally Policy has been
overwritten by Default domain policy? How can I make sure
that Logon locally will take effect? Please help.
 
Steve Dodson [MSFT]

The order of policy processing is Local -> Site -> Domain -> OU, so the DC
policy should be applying.
I would check the DC's Application Log to verify we have applied Policy
recently and have logged a SceCli 1704 stating this is successful.
I would finally verify that all DCs replicated AD and FRS with no errors.

Those would be the first steps.

Hope that helps!

Steve Dodson [MSFT]
Directory Services
--------------------
From: "ovvy"
Subject: GPO for Local accounts on DC
Date: Tue, 30 Dec 2003 02:23:06 -0800
Newsgroups: microsoft.public.win2000.active_directory

--

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.
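
The checks suggested in the reply above can be scripted. This is an added example, not code from either poster; it assumes a current Windows Server domain controller with PowerShell, run from an elevated session, and the temporary file name is an arbitrary choice. It looks for the latest SceCli 1704 event and then lists which accounts actually hold the interactive logon rights on the DC.

```powershell
# Added example: run in an elevated PowerShell session on the domain controller.

# 1. Most recent successful security-policy application (SceCli event 1704).
$filter = @{ LogName = 'Application'; ProviderName = 'SceCli'; Id = 1704 }
$evt = Get-WinEvent -FilterHashtable $filter -MaxEvents 1 -ErrorAction SilentlyContinue
if ($evt) {
    $age = ((Get-Date) - $evt.TimeCreated).TotalMinutes
    "Last SceCli 1704: {0} ({1:N0} minutes ago)" -f $evt.TimeCreated, $age
} else {
    Write-Warning 'No SceCli 1704 event found; security policy may not be applying.'
}

# 2. Export the effective user rights on this machine.
#    The file name is an assumption made for this example.
$cfg = Join-Path $env:TEMP 'effective-user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null

# Return the accounts that hold a given right, translating SIDs to names.
function Resolve-Right([string]$Right) {
    $line = Get-Content $cfg | Where-Object { $_ -match "^$Right\s*=" }
    if (-not $line) { return @() }              # right is not defined at all
    ($line -split '=', 2)[1].Split(',') |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ } |                   # skip empty entries
        ForEach-Object {
            if ($_.StartsWith('*')) {           # "*S-1-5-..." is a SID entry
                $sid = New-Object System.Security.Principal.SecurityIdentifier($_.TrimStart('*'))
                try   { $sid.Translate([System.Security.Principal.NTAccount]).Value }
                catch { $sid.Value }            # unresolvable SID: show it raw
            } else { $_ }                       # already an account name
        }
}

# 3. Show both the allow and the deny right; a deny entry overrides an allow.
foreach ($right in 'SeInteractiveLogonRight', 'SeDenyInteractiveLogonRight') {
    "`n$right"
    Resolve-Right $right | ForEach-Object { "  $_" }
}

Remove-Item $cfg -ErrorAction SilentlyContinue
```

If the delegated group is missing from `SeInteractiveLogonRight`, another GPO that defines the same right is supplying the list, because user-rights assignments from multiple GPOs replace one another rather than merge.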