Logon Locally for DC Part 2

O

Ovvy

I've been trying to work on a GPO(logon_locally) that I
applied in an Domain controllers OU. This will give rights
to a user to login to DC and do basic things in the local
machine like share, clear event logs, install software etc.

The user can login to the DC now(thanks for the idea of
others) however, he cannot still install Programs, change
time or even clear the event Viewer or shutdown the system!

Do I have to add my user on all those other rights like
change time, shutdown the system etc etc.?
At the end I wanted this user to logon locally, do
everything on the local machine like being an
administrator locally so he can configure the DC.

But how? there is no local Admins group?
 
S

Steve Dodson [MSFT]

You will need to grant specific rights to that user. Since this server is a
DC, there are no local users or groups (except in ds restore mode). Because
of the protections built into the security of a DC, unless the user is an
administrator you will have to grant the rights needed to perform the tasks
you delegate.

Hope that helps!

Steve Dodson [MSFT]
Directory Services
--------------------
Content-Class: urn:content-classes:message
From: "Ovvy" <[email protected]>
Sender: "Ovvy" <[email protected]>
Subject: Logon Locally for DC Part 2
Date: Fri, 2 Jan 2004 01:44:43 -0800
Lines: 19
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcPRFQykCy/P2JuYQzi7O+hwsNK10A==
Newsgroups: microsoft.public.win2000.active_directory
Path: cpmsftngxa07.phx.gbl
Xref: cpmsftngxa07.phx.gbl microsoft.public.win2000.active_directory:61035
NNTP-Posting-Host: tk2msftngxa13.phx.gbl 10.40.1.165
X-Tomcat-NG: microsoft.public.win2000.active_directory

I've been trying to work on a GPO(logon_locally) that I
applied in an Domain controllers OU. This will give rights
to a user to login to DC and do basic things in the local
machine like share, clear event logs, install software etc.

The user can login to the DC now(thanks for the idea of
others) however, he cannot still install Programs, change
time or even clear the event Viewer or shutdown the system!

Do I have to add my user on all those other rights like
change time, shutdown the system etc etc.?
At the end I wanted this user to logon locally, do
everything on the local machine like being an
administrator locally so he can configure the DC.

But how? there is no local Admins group?
Click to expand...


--

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

logon locally rights for DC 2
GPO for Local accounts on DC 1
Win2000 DC logon with domain admin account problem 3
Specific rights to install programs in DC 1
Ftp and Logon locally rights 3
Logon locally for DC 1
Delegate full rights to a DC? 2
logon locally to DC 3

Top