Log on Locally

N

Nate

Hi all,

Relative novice in AD admin.

As a test and to learn a bit more, I created a new OU
called SpecialUser. I then created a Group (called
SpecialGroup) and User (called SpecialUser) in that OU.

Then I created a new Group Policy and linked it to that
OU. In the group policy I set the permission "Log On
Locally" for the SpecialGroup in that OU.

The problem is that when I try to log on locally to the
server as the SpecialUser, I get the error message that
the local policy does not permit me to log on locally.

I know that I can set that permission in the Default
Domain Policy, but I want this permission only for this
special group, not to anyone else.

Any ideas why this OU policy would not work?

thanks

Nate
 
N

Nick Finco [MSFT]

Use the Local Security Policy tool to see what the current settings on the
client are set to and make sure this is being set properly on the computer.
Also, make sure that there isn't a deny interactive logon right being
applied to that computer for this user. In the client's registry, check
HKLM\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail and make sure
that it isn't set to 2. If it is, set it back to 1 or 0.

N
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Restricting Logon Locally 1
Local Policy doesn't allow logon interactively 3
How to given access one user which is laying in othere OU 1
log on locally problem in W2K pro & server 1
How to assign application to computer 6
Group Policy to Disbale Users 4
disable save files in desktop - domain user 0
Applying Group Policies to OU 1

Top