Link to home
Start Free TrialLog in
Avatar of callis610
callis610Flag for United States of America

asked on

Cannot Log into a DNS/Domain Controller

I have create an AD Account/Log On for a Domain Controller/DNS Server and I am receiving the follwoing eror messages:
1). Your account is configured to prevent you from using this computer.
I believe I have resolved this issue and I began receiving the following:
2). Local Policy on this system does not permit you to logon interactively.
 My guess is because the User is not a Domain Administrator.  Any Domnain Admin can log onto this Server without a problem. Is there a resolution for this or a way to add this new user as a local administrator on the server.  I do not see any options for users and groups anywhere on the server as it is a Domain Controller.

Please assist.
Avatar of 4eos
4eos
Flag of United States of America image
Remove any user group that has lesser permissions than the highest group you would like.
Avatar of Daryl Ponting
Daryl Ponting
Flag of United Kingdom of Great Britain and Northern Ireland image
There are no 'local' users and groups on a domain controller.  There is an adminsitrators that applies to all domain controllers.  

You'd have to edit the policy to allow non-admins to log on to the domain controller (which would be inadvisable if it's even possible).
Avatar of LauraEHunterMVP
LauraEHunterMVP
Flag of United States of America image
Only Domain Admins should be permitted to log on locally to Domain Controllers, full stop. To do otherwise is a poor security practice for any number of reasons.
ASKER CERTIFIED SOLUTION
Avatar of ms-pro
ms-pro
Flag of Denmark image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial