login on PDC

[Hindy]

You need to edit the securit policy that is being applied
to your DC's. I take it when you say PDC, you mean the DC
running the PDC emulator role.

Open 'AD Users and Computers', right click the Domain
Controllers OU and select Properties, go tot the Group
policy tab. If you have just one GPO defined here
(probably Default DC's Policy) you'll need to edit it, go
to Computer Config->Windows Settings->Security Settings-

Local Policies->User Rights Assignment. Look for the

user right for 'Logon Locally' and change to meet your
needs. If you have several GPO's defined on your Domain
Controllers OU, you'll need to ensure they are applied in
correct order, and edit the appropriate one as described
above.

 

[cosimo]

-----Original Message-----
Whatever you do don't delete Administrators.

That *S-1-5-32-547 account is the SID for an account that
you can't resolve. This could be a local account on one
of your other servers/workstations (but not the DC
obviously). If you only want administrators to logon to
your DC's then remove everything apart from
Administrators. You shouldn't need the TSInernetUsers
group either, as you are probably running TS in Admin
mode and your Adminsitrators will still be able to TS in.

So, just have Administrators in the Logon on Locally user
right.

OK!
I have understood!
Thanks you again.
ciao
Cosimo