Solved

Accessing 2003 Domain Controller without being a Domain Admin

Posted on 2006-07-12
4
372 Views
Last Modified: 2010-04-18
Hoping someone can help me. I have a requirement for a couple of staff to RDP or direct logon to a Windows2003 Domain Controller, but they are not members of the Domain Admins group.

Where on the server can I add them to allow local access and RDP access, with the same rights if it had a local Administrators account.

Thanks
0
Comment
Question by:Nero_Wolfe
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 3

Expert Comment

by:valrog
ID: 17090428
Why would you give non-Admins rights to a DC?  Do you know the havoc they could cause?  

Anyhow,  I think you may need to install terminal services.
0
 
LVL 1

Author Comment

by:Nero_Wolfe
ID: 17091547
Because, to satisfy auditors there can only be a limited amount of Domain Admins, which is myself and the backup account.  However i need the it staff to be able to login to the server at the console or via RDP.  I know it can be done, as i've had it done before - something to do with local policies - but I can't remember how to do it.

0
 
LVL 3

Accepted Solution

by:
valrog earned 500 total points
ID: 17092848
Open the Group Policy Management Console (gpmc.msc)

Edit the "Default Domain Controllers Policy"

Computer Configuration
 Windows Settings
  Security Settings
   Local Policies
    User Rights Assignments
    --- Allow logon locally
    --- Allow logon through terminal services


Sorry it took so long, I was working on the same problem also (Test Enviroment)
0
 
LVL 1

Author Comment

by:Nero_Wolfe
ID: 17093539
Thanks - much appreciated.  I thought it was in Policies somewhere, but just couldn't lay my hand to the location.

Thanks again.
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question