logon password domain controller bug

[Guest]

I have 3 Windows 2000 Servers, one acting as the Domain Controller. When I create a user not included in the Administrator's group, I can login to 2 Server, but not the Domain Controller. I get an error " the local policy of this system does not allow you to login interactively.
I should add, I am logging in remotely.

Any help would be appreciated.

 

[Lanwench [MVP - Exchange]]

Check your policy settings. Why would you want non-admin accounts logging
into your DC, just out of curiosity?

 

[Herb Martin]

I have 3 Windows 2000 Servers, one acting as the Domain Controller. When I

create a user not included in the Administrator's group, I can login to 2
Server, but not the Domain Controller. I get an error " the local policy of
this system does not allow you to login interactively.

I should add, I am logging in remotely.

Any help would be appreciated.

Not likely a bug, but if I understand what you are doing then
it is by design.

You cannot logon TO a machine "remotely" unless you mean
with Terminal Services (or a substitute) in which case that
is a "local logon".

You can authenticate remotely as a normal case when you
logon AT a domain machine by authenticating with a DC.

DCs by default -- from NT on -- have never allowed ordinary
users to logon to them by default.

You can change this policy if you understand the implications
but it a bad practice in production, corporate domains (might
make sense in a home/small-office domain or in a lab.