User administration by non Admin

[Ross]

How can i give terminal logon rights to domain controller
without putting the user in Administrators or Domain
Admins group.

 

[Guillaume Ross]

How can i give terminal logon rights to domain controller
without putting the user in Administrators or Domain
Admins group.

I suppose you want them to administrer users, in which case it might be
preferrable to install the Adminpak (found on the Server cd in \support\
I think) on their workstations.

Else, in the DC Security Policy, under User Rights, you should have "Log
On locally" . You can add your users there...

Guillaume Ross

 

[Simon Geary]

Are you sure you want to do this? Giving non-admin users local logon rights
to a DC is not a good idea from a security point of view. If the goal is to
allow these users to manage accounts you can simply install the AD Users &
Computers console on their local PC and delegate the appropriate
permissions.

But anyway, in order to do this you have to do two things. Give the users
the right to log on locally to the DC and add them in to the security tab in
RDP properties. (Neither is recommended, I strongly suggest you find a
workaround)