Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How to allow user to log on localy on the DC?

Status
Not open for further replies.
Pav4o

Pav4o

Technical User
Jan 22, 2003
45
I have Windows 2000 Server based DC and i want to grant to some users privileges to log on localy?
I follow the steps in the Windows 2000 Server Resource Kit and edit Default Domain Policy object in this way:
+Computer Configuration
-Windows Setting
-Security Settings
-Local Policies
-Users Rights Assignment
-Log on locally ->here i added two groups of users

But when somebody of these groups try to log on locally the server says that they have no permissions to log on locally.
Any ideas?
 
Sort by date Sort by votes
can't logon a DC locally. There is no local computer to log onto. There is no drop down on a DC for the local server during logon... The only way to logon a DC is by logging into the domain. In a sence, the domain is the local logon.

You would have to run DCPROMO to demote the domain controller to a regular server. After this is done, the user should be able to logon locally.


Joseph L. Poandl
MCSE 2000

If your company is in need of experts to examine technical problems/solutions, please check out (Sales@njcomputernetworks.com)
 
Upvote 0 Downvote
Thy the following and it will work with you.
1. Create a group in the domain controller and add the users in that group.

2. Now on the user's computer, open an existing goup on the basis what privilege you wants to provide them and add the group (which you created in the DC) in the local group and let the user logback and its going to work.

Thanks,

Shemsher
 
Upvote 0 Downvote
Pav4o,

"I follow the steps in the Windows 2000 Server Resource Kit and edit Default Domain Policy object in this way:"

You are on the right track but you need to edit the Default DOMAIN CONTROLERS Policy instead of the Default DOMAIN Policy.

Patty [ponytails2]
 
Upvote 0 Downvote
GrnEyedLady is right. You must edit the default domain controllers policy because it is the last policy applied that sets the 'log on locally' policy. Remember, policies are applied in order and the last policy applied that specifies a policy setting will overwrite all previous settings (unless no override is set elsewhere)....

Here's the order: local, site, domain, top OU, sub OU.

Domain controllers reside in the domain controller's OU which has the domain controller's policy.
 
Upvote 0 Downvote
Thanks a lot for the answers!
I will try them
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
192
DTGMI
DTGMI
microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
222
microsGuy16
microsGuy16
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
264
DrB0b
DrB0b
DrB0b
  • Locked
  • Question
Hybrid on prem AD with Azure AD
Replies
2
Views
136
DrB0b
DrB0b
tscstl
  • Locked
  • Question
access to local folder
Replies
1
Views
122
hairlessupportmonkey
hairlessupportmonkey

Part and Inventory Search

Sponsor

Back
Top