Re: allow non admin to logon to dc

From: Antonio Policelli (blarfoc_at_yahoo.com)
Date: 05/28/03


Date: 28 May 2003 06:21:28 -0700


thanks matjaz!

it seems that active dir automagically placed all of domain
controllers in a OU called "domain controllers" if i give this user
log on locally in the gpo for this OU this will allow himn to log on
to all domain controllers.. i dont want that.. shuld i create a new
ou for only this domain controller and just mod that gpo? will this
create an active directory problem if i move the dc out to another
ou?/

thanks AP

"Matjaz Ladava" <matjaz@_nospam_ladava.com> wrote in message news:<OER#LOFJDHA.452@TK2MSFTNGP11.phx.gbl>...
> You need to grant him logon locally right in domain controllers GPO, but I
> would be very skeptic to allow users logging on to my DC. It is cheaper
> getting them separate workstation.
>
> Regards
>
> Matjaz Ladava
>
> "Antonio Policelli" <blarfoc@yahoo.com> wrote in message
> news:624f68b2.0305270438.5b23516f@posting.google.com...
> > in a remote office there is 2 servers. one is a win2k acitve
> > directory global catalog server. other is member server. one person
> > in that office needs to log on to the server but i don't want to make
> > them domain admin. all the remote offices are part of the big fat
> > domain -- there are no sub domains.
> >
> > the local user accounts and groups is disabled, cuz i guess its a
> > domain controller. how do i let this account log on there??
> >
> > thanks
> > AP