Local Policies on DCs

B

Bill

I have a domain controller that I need to allow log on a
service access to. I just want to give this access to one
user and just on this domain controller. I give the user
access in the Local Policy, but the user still cannot log
in as a service. If I look at the properties of 'Log On
As Service' in the Local Policy, the user has a check next
to Local Policy, but not next to Effective Policy. How do
I apply the Local Policy to the Domain Controller?

If I give the user rights at the Domain Controller
Security Policy level, it works. But then I gave the user
Logon As Service rights to all the domain controllers. I
don't want to do that.

Any help is appreciated.
Thanks.
Bill
 
S

Steven L Umbach

You can create a new Organizational Unit within the domain controllers container and
create a GPO for it with the settings you need for that domain controller and then
move that domain controller into that sub OU. Be sure to include all the users you
need in the log on locally setting including administrators as that will override the
Domain Controller Security Policy setting. All other security policy will still apply
to the domain controller in that OU unless specifically defined in the sub OU GPO. Be
sure to test out before implementing. --- Steve
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Group Policies 1
Object Access Audit Policy for a Domain 4
"Replace a process level token" 0
Local Login Policy/Effective Policy does not grant login, Windows 3
Logon local to W2k workstation using domain account 9
Local Setting vs Effective Setting 2
Domain Controller Security Policy vs. Domain Security Policy? 1
Effective Policy Setting for IWAM_Machinename account 4

Top