Re: allow non admin to logon to dc

From: Antonio Policelli (
Date: 05/28/03

Date: 28 May 2003 06:21:28 -0700

thanks matjaz!

it seems that active dir automagically placed all of domain
controllers in a OU called "domain controllers" if i give this user
log on locally in the gpo for this OU this will allow himn to log on
to all domain controllers.. i dont want that.. shuld i create a new
ou for only this domain controller and just mod that gpo? will this
create an active directory problem if i move the dc out to another

thanks AP

"Matjaz Ladava" <> wrote in message news:<OER#LOFJDHA.452@TK2MSFTNGP11.phx.gbl>...
> You need to grant him logon locally right in domain controllers GPO, but I
> would be very skeptic to allow users logging on to my DC. It is cheaper
> getting them separate workstation.
> Regards
> Matjaz Ladava
> "Antonio Policelli" <> wrote in message
> > in a remote office there is 2 servers. one is a win2k acitve
> > directory global catalog server. other is member server. one person
> > in that office needs to log on to the server but i don't want to make
> > them domain admin. all the remote offices are part of the big fat
> > domain -- there are no sub domains.
> >
> > the local user accounts and groups is disabled, cuz i guess its a
> > domain controller. how do i let this account log on there??
> >
> > thanks
> > AP