1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

logon locally

Discussion in 'Windows XP' started by sentme_mail, Jan 12, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. sentme_mail

    sentme_mail Thread Starter

    Joined:
    Apr 30, 2002
    Messages:
    200
    hi,
    how do i allow domain user accounts to logon to win2k server locally?
    thanks
     
  2. Dan O

    Dan O

    Joined:
    Feb 13, 1999
    Messages:
    8,974
    Run User Manager and add them to a local server group.
     
  3. Lardog

    Lardog

    Joined:
    Dec 25, 2002
    Messages:
    37
    The better way would be to adjust the local policy to allow Domain Users to log on locally.

    By default, server only allows certain local groups with high level access (Admins, power users, backup operators, etc...) to log on locally. If there is no explicit reason to add all user to one of these groups, then adjust the policy.

    Don't give them more rights than they need is the general rule.
     
  4. Dan O

    Dan O

    Joined:
    Feb 13, 1999
    Messages:
    8,974
    Lardog,

    Can you give details?

    Does it require Active Directory?

    I have read a lot about both of these issues but I don't have a lot of experience working with them and I would like to learn more.
     
  5. sentme_mail

    sentme_mail Thread Starter

    Joined:
    Apr 30, 2002
    Messages:
    200
    i have done that but still doesn't work.
    i noticed that the effective setting is not updated.

     
  6. Dan O

    Dan O

    Joined:
    Feb 13, 1999
    Messages:
    8,974
    sentme_mail,

    What I suggested does work because it is what I do all the time.
     
  7. sentme_mail

    sentme_mail Thread Starter

    Joined:
    Apr 30, 2002
    Messages:
    200
    do i need to modify the AD?
    this server is a member server of a domain.
     
  8. Dan O

    Dan O

    Joined:
    Feb 13, 1999
    Messages:
    8,974
    No AD changes are required. Go to the server, Logon as an Admin, and run Microsoft Management Console (MMC).

    It allows you to creates and manages local users and groups. It is available on Active Directory Domain Controller servers, which is a good thing as you would never want an non admin touching it.
     
  9. sentme_mail

    sentme_mail Thread Starter

    Joined:
    Apr 30, 2002
    Messages:
    200
    it don't work.
    the users that i configured to have logon locally rights are not reflected as effective settings in the local security
     
  10. Dan O

    Dan O

    Joined:
    Feb 13, 1999
    Messages:
    8,974
    You have to have the user change the Domain name to the Computer name, which is the third line on Logon.
     
  11. Lardog

    Lardog

    Joined:
    Dec 25, 2002
    Messages:
    37
    I would not suggest creating local user accounts. Kind of defeats the purpose of having a domain.

    Setting the local policy should work, unless there is other domain policy that has defined this behavior explicitly. Remember that domain policy will override local policy. This sounds like what is happening in your case, assuming you are doing it correctly.

    Is your machine a DC? If so, then you would need to edit the Default Domain Controllers policy as this is defined by default.

    Otherwise, check with your network or domain admin to find out.
     
  12. sentme_mail

    sentme_mail Thread Starter

    Joined:
    Apr 30, 2002
    Messages:
    200
    the machine is not a DC but a member server of the domain.
     
  13. Dan O

    Dan O

    Joined:
    Feb 13, 1999
    Messages:
    8,974
    I have also added Domain user names to a Local Group and I was able to logon locally.
     
  14. sentme_mail

    sentme_mail Thread Starter

    Joined:
    Apr 30, 2002
    Messages:
    200
    thanks, i will try again
     
  15. Lardog

    Lardog

    Joined:
    Dec 25, 2002
    Messages:
    37
    You're missing the point.

    I was actually incorrect about the default settings in W2K. I guess I was flashing back on NT4 user rights. Anyhow, the defaults for log on locally rights for W2K are outlined at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/gp/547.asp.

    However, regardless of the defaults, if adjusting the local policy does not reflect in the effective policy, that would mean that the effective policy is most likely being pushed down from a higher level, meaning it is probably being defined in either domain or OU level policy. Both of these would result in overriding your local policy settings. Creating local users or adding domain users to any groups, other than those defined within the effective policy, will not yield successful results.

    Additionally, there could be a specific "Deny logon locally" policy set. This would override the logon locally setting as well.

    Sentme,
    When you view the policy settings, can you see the effective policy settings also? They should list the users and/or groups that have the logon locally right. Typically, this will display as greyed out check boxes when domain policy is in place. Only those users that fall within these defined rights will be able to log on locally. Also, check the Deny policy to see if it has been defined.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/112840

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice