Sign in with
Sign up | Sign in
Your question

Allowing user to logon locally to WIndows 2003 Server

Last response: in Windows 2000/NT
Share
December 12, 2004 8:23:02 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

I have a Windows 2003 Server Standard Edition which is also the domain
controller. I want to allow a user to log on to the local machine. I first
tried to enable this through the Domain Security Policy as follows:

- Start, Admin Tools, Domain Security Policy
- Locate Security Settings, Local Policies, User Rights, Allow log on locally
- Tick Define these policy settings and add the user to the list.

This however didn’t seem to make any difference. I then looked into the
Local Computer Policy and found that certain groups were already defined for
this setting (Allow log on locally). I can assign the user to one of these
groups (e.g. Server Operators) and they can logon. However, I cannot click
the Add User or Group button because as it is disabled. I don’t want to add
the user to Server Operators as they get rights that are not appropriate.

Therefore I need to how to make the Domain Security Policy override the
Local Computer Policy, OR how to add a user account to the local computer
policy.

I am logged on as the Administrator
Anonymous
a b 8 Security
December 13, 2004 3:58:59 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hi David

I think you want to add the user or group of users to the "Allow log on
locally" user right at the Default Domain Controller Policy instead of the
Default Domain Policy.

HTH
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: markreno@online.microsoft.com

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.

"David" <David@discussions.microsoft.com> wrote in message
news:0CDBCE19-DB9D-48CB-9FE5-81E3D658C256@microsoft.com...
>I have a Windows 2003 Server Standard Edition which is also the domain
> controller. I want to allow a user to log on to the local machine. I first
> tried to enable this through the Domain Security Policy as follows:
>
> - Start, Admin Tools, Domain Security Policy
> - Locate Security Settings, Local Policies, User Rights, Allow log on
> locally
> - Tick Define these policy settings and add the user to the list.
>
> This however didn't seem to make any difference. I then looked into the
> Local Computer Policy and found that certain groups were already defined
> for
> this setting (Allow log on locally). I can assign the user to one of these
> groups (e.g. Server Operators) and they can logon. However, I cannot click
> the Add User or Group button because as it is disabled. I don't want to
> add
> the user to Server Operators as they get rights that are not appropriate.
>
> Therefore I need to how to make the Domain Security Policy override the
> Local Computer Policy, OR how to add a user account to the local computer
> policy.
>
> I am logged on as the Administrator
>
December 13, 2004 9:53:02 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Thanks Mark that worked. The only confusing bit is that it takes a few
minutes for the change to come into effect which I didn't expect as all of
this was taking place on the actual domain controller itself.

"Mark Renoden [MSFT]" wrote:

> Hi David
>
> I think you want to add the user or group of users to the "Allow log on
> locally" user right at the Default Domain Controller Policy instead of the
> Default Domain Policy.
>
> HTH
> --
> Mark Renoden [MSFT]
> Windows Platform Support Team
> Email: markreno@online.microsoft.com
>
> Please note you'll need to strip ".online" from my email address to email
> me; I'll post a response back to the group.
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> "David" <David@discussions.microsoft.com> wrote in message
> news:0CDBCE19-DB9D-48CB-9FE5-81E3D658C256@microsoft.com...
> >I have a Windows 2003 Server Standard Edition which is also the domain
> > controller. I want to allow a user to log on to the local machine. I first
> > tried to enable this through the Domain Security Policy as follows:
> >
> > - Start, Admin Tools, Domain Security Policy
> > - Locate Security Settings, Local Policies, User Rights, Allow log on
> > locally
> > - Tick Define these policy settings and add the user to the list.
> >
> > This however didn't seem to make any difference. I then looked into the
> > Local Computer Policy and found that certain groups were already defined
> > for
> > this setting (Allow log on locally). I can assign the user to one of these
> > groups (e.g. Server Operators) and they can logon. However, I cannot click
> > the Add User or Group button because as it is disabled. I don't want to
> > add
> > the user to Server Operators as they get rights that are not appropriate.
> >
> > Therefore I need to how to make the Domain Security Policy override the
> > Local Computer Policy, OR how to add a user account to the local computer
> > policy.
> >
> > I am logged on as the Administrator
> >
>
>
>
Anonymous
a b 8 Security
December 14, 2004 1:58:02 AM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Domain Controllers check and apply group policy settings every five
minutes. It you want settings to apply quicker than that use GPUPDATE
/FORCE.

--
John Negus
MSEtechnology
--



"David" <David@discussions.microsoft.com> wrote in message
news:9927F7CA-568C-49AD-9BD6-456FBE32D782@microsoft.com...
> Thanks Mark that worked. The only confusing bit is that it takes a few
> minutes for the change to come into effect which I didn't expect as
> all of
> this was taking place on the actual domain controller itself.
>
> "Mark Renoden [MSFT]" wrote:
>
>> Hi David
>>
>> I think you want to add the user or group of users to the "Allow log
>> on
>> locally" user right at the Default Domain Controller Policy instead
>> of the
>> Default Domain Policy.
>>
>> HTH
>> --
>> Mark Renoden [MSFT]
>> Windows Platform Support Team
>> Email: markreno@online.microsoft.com
>>
>> Please note you'll need to strip ".online" from my email address to
>> email
>> me; I'll post a response back to the group.
>>
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>> "David" <David@discussions.microsoft.com> wrote in message
>> news:0CDBCE19-DB9D-48CB-9FE5-81E3D658C256@microsoft.com...
>> >I have a Windows 2003 Server Standard Edition which is also the
>> >domain
>> > controller. I want to allow a user to log on to the local machine.
>> > I first
>> > tried to enable this through the Domain Security Policy as follows:
>> >
>> > - Start, Admin Tools, Domain Security Policy
>> > - Locate Security Settings, Local Policies, User Rights, Allow log
>> > on
>> > locally
>> > - Tick Define these policy settings and add the user to the list.
>> >
>> > This however didn't seem to make any difference. I then looked into
>> > the
>> > Local Computer Policy and found that certain groups were already
>> > defined
>> > for
>> > this setting (Allow log on locally). I can assign the user to one
>> > of these
>> > groups (e.g. Server Operators) and they can logon. However, I
>> > cannot click
>> > the Add User or Group button because as it is disabled. I don't
>> > want to
>> > add
>> > the user to Server Operators as they get rights that are not
>> > appropriate.
>> >
>> > Therefore I need to how to make the Domain Security Policy override
>> > the
>> > Local Computer Policy, OR how to add a user account to the local
>> > computer
>> > policy.
>> >
>> > I am logged on as the Administrator
>> >
>>
>>
>>
!