domain users can't logon locally

From: Bjørn Lunde (bjornlunde@hotmail.com)
Date: 11/04/02 

From: Bjørn Lunde <bjornlunde@hotmail.com>
Date: Mon, 4 Nov 2002 03:47:17 -0800

This is probably caused by the fact that your Windows 2000
server is a domain controller, and domain users cannot log
on locally (or interactivly) to a windows 2000 domain
controller. Can be remedied by changing the default domain
controller policy on the Domain Controllers OU and edit
the User Rights Assignment setting "Log On Locally" to
include the goups or users you wish to grant this right.

To find this setting right click the DOmain Controllers OU
in Active Directory, select properties, click the Group
Policy tab, verify that the Default Domain Controllers
Policy is selected, click Edit then navigate to Computer
Configuration > Windows Settings > Local Policies > User
Rights Assignment > Log On Locally.

After adding the groups you want, close all open windows
and run "secedit /refreshpolicy machine_policy" from a
command line.

Good luck

Regards

Bjørn Lunde

>-----Original Message-----
>Hi,
>
>I have recently installed a new windows 2000 server.
>
>I have found that only the Administrator is able to logon
locally on the
>server. When I attempt to logon as one of the user
accounts that I have
>created such as "user1", it says that the "system does
not permit me to
>logon interactively". All user accounts that I create
should be a member of
>"domain users".
>
>I check the "Administrative Tools" > "Local Security
Policy" > "Security
>Settings" >"Local Policies" > "Security Options" and I
find a check mark
>for "Domain Users" on the Local Policy Setting , but the
box under Effective
>Policy Settings is grayed.
>
>I was wondering what does this "Local Policy Setting"
and "Effective Policy
>setting" mean?
>
>The "Effective Policy setting" is grayed out. How do I
change the
>"Effective Policy" setting?
>
>Thanks.
>
>Peter
>
>
>.
>

Relevant Pages

  • Re: Group Policy broke my DCs
    ... to be very careful with tweaking services on domain controllers. ... Group Policy - security policy at the OU level which makes it much easier to ... complied from the Windows 2003 Server Security guide for baseline core ... Server - automatic ...
    (microsoft.public.windows.group_policy)
  • Re: Group Policy broke my DCs
    ... > need to be very careful with tweaking services on domain controllers. ... > Group Policy - security policy at the OU level which makes it much easier ... > is complied from the Windows 2003 Server Security guide for baseline core ...
    (microsoft.public.windows.group_policy)
  • Re: Installing Windows 2003 DC in a Windows 2000 Evironment-- Need Hel
    ... How to Upgrade Windows 2000 Domain Controllers to Windows Server 2003 ... Initial synchronization requirements for Windows 2000 Server and Windows ... ensure that you have designed a DNS and Active ...
    (microsoft.public.windows.server.active_directory)
  • Access is Denied to W2k3 GPOs - Really Stumped!
    ... Policy Manager or from the default GPO editor since upgrading from Windows ... Emulator server or the current selection server or any writable DC. ... I physically applied an enterprise admin account to the sysvol folder ...
    (microsoft.public.windows.server.general)
  • Re: Server 2003 and Mac OS X
    ... The issue is that a Domain Controllers running windows 2003 server has ... > It is hard make sense of all the security settings - I set all the basic ...
    (microsoft.public.windows.server.setup)