Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Logon Locally User Rights on Windows 2000

Posted on 2001-06-26
7
Medium Priority
?
158 Views
Last Modified: 2010-04-13
After I configure the domain controller security policies using MS Security Configuration and Analysis tool, noone can logon to the domain, the error message they got is "The local policy of this system does not permit you to logon interactively". As my understanding, it is regarding the user rights of logon locally. By reviewing the security settings, on the domain controller security policy, logon locally user right is assigned to administrators, terminal clinets, and ftp clients only. By adding everyone group to the list, the problem is solved. My question is assigning logon locally rights to everyone means anyone can go to the server console and logon from there? is it a security hole? As my experience with NT 4.0, logon locally right is only granted to administrators and ftp/www clients. Any idea about how this work in Windows 2000?

Thanks in advance.
0
Comment
Question by:robert100
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 1

Expert Comment

by:nrajan
ID: 6229212
You should not set the 'logon locally' permissions for everyone. As you said they will be able to logon at the terminal. All you need to set is the 'Access this computer from a network' permissions for 'Everyone'
 
0
 

Author Comment

by:robert100
ID: 6229585
That was exactly what I originally did, but it didn't work.
By searching KB on MS site, this is what I found:

 http://support.microsoft.com/support/kb/articles/Q276/5/80.ASP

this article applies to SP1, that is what we have here, sp2 may solve that problem?

I really have no idea about this. With NT, it was fine to exclude any users except admin and ftp/www users.

What else should I do?
0
 
LVL 12

Expert Comment

by:Housenet
ID: 6234681
-Put domain users back as having the 'logon locally' right in computer configuration.
0
Tech or Treat!

Submit an article about your scariest tech experience—and the solution—and you’ll be automatically entered to win one of 4 fantastic tech gadgets.

 

Author Comment

by:robert100
ID: 6260793
Yeah, thenks a lot. I tried that puting domain users there instead of everyone, but it doesn't prevent any users from loggin on to the server terminal!!! That is what we don't want, any idea?
0
 
LVL 1

Expert Comment

by:Dingus
ID: 6904202
Add everyone to the 'Print Operators' group. That will give them the right to logon locally, but they will not be able to have their way with the server, only the print jobs.

It's the easiest way to give everyone access to the Domain Controller/Terminal Server, but still limit their control.


Richard
0
 
LVL 5

Expert Comment

by:cempasha
ID: 8237118
Dear questionner/expert(s)

No comment has been added lately, so it's time to clean up this TA.
I'll leave a recommendation in the Cleanup topic area that this question is to be:

- PAQ'd and pts removed

Please leave any comments here within the next seven days.

==> PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER ! <==

PaSHa

Cleanup volunteer



0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 8280177
Finalized as proposed

modulo

Community Support Moderator
Experts Exchange
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Explore the ways to Unlock VBA Project Password Excel 2010 & 2013 documents. Go through the article and perform the steps carefully to remove VBA Excel .xls file.
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question