Re: logon problem

From: Diana Smith [MSFT] (diasmith_at_online.microsoft.com)
Date: 03/29/04 

Date: Mon, 29 Mar 2004 12:58:23 -0500

Hi Jeff,

This is by design, because we do not want regular users logging on locally
to Domain Controllers.

To resolve this issue, check the default domain policy to confirm that the
Log on Locally user right, is not defined or is defined to include everyone
who is able to log on to domain member computers. To check the default
domain policy, follow these steps:

1. Start the Active Directory Users and Computers snap-in.

2. Right-click the domain and click Properties.

3. Click Group Policy.

4. Double-click Default Domain Policy.

5. Click Computer Configuration, click Windows Settings, and then click
Security Settings.

6. Click Local Policies, click User Rights Assignments, and then click Log
on Locally. NOTE: Only the users that are in the list for this user right
should have the right to log on locally to domain member computers.

7. Add the user to the "log on locally" user right.

8. Run the secedit command to refresh the policy.

9. User will have to reboot his machine to get the new policy.

Thank You.

Diana.

This posting is provided "AS IS" with no warranties, and confers no rights.

"Jeff" <anonymous@discussions.microsoft.com> wrote in message
news:14e9a01c41592$9e33a610$a301280a@phx.gbl...
> I have set up a new user in active directory for a support
> company who will be logging in remotely. I want them to
> access one server and multiple domain controllers. There
> is no problem logging on to the server with the user
> name. The problem is when they try to log on to the
> domain controllers.
>
> "The local policy of this system does not allow you to log
> on interactively."
>
> Any ideas? Thanks.

Relevant Pages

  • Re: Prevent Domain Users from logging on to specific PCs w/ Group Policies
    ... In order to prevent users from logging on at the console of the machine they ... Local Security policy or through a GPO that applies to those computers. ... This user right is defined in the Default Domain Controller Group Policy ... policy setting supercedes the Log on locally policy setting if an account is ...
    (microsoft.public.windows.server.security)
  • Re: Requiring specific computer to log on
    ... a new "policy", company wide.. ... > Monitoring through the RRAS VPN log files is simple though. ... Double click the logfile. ... >> if I can simply block his own machine from logging on - that does resolve ...
    (microsoft.public.windows.server.sbs)
  • Event ID 1507 / Weird hangs
    ... 1Gb RAM, Systemdisk with 5,6Gb free and two users sharing the computer. ... 'Logging off' screen and after that, ... This computer is in manual policy mode, but the policy file cannot be found. ... can find is in conjunction with Exchange, but User2 is not using Exchange. ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: GP Software Install / Log File
    ... For the MSI logging, ... Check out http://www.gpoguy.com -- The Windows Group Policy Information Hub: ... the Windows Group Policy Guide is out from Microsoft Press!!! ... out where the log files go for this push. ...
    (microsoft.public.windows.group_policy)
  • Re: newsgroup access
    ... > logging of activities of internet use. ... I don't know of any transparant proxy tricks for nntp though. ... How you enforce the policy is ... not be dealt with in a purely technical matter. ...
    (comp.unix.bsd.freebsd.misc)