Solved

Accessing 2003 Domain Controller without being a Domain Admin

Posted on 2006-07-12
4
371 Views
Last Modified: 2010-04-18
Hoping someone can help me. I have a requirement for a couple of staff to RDP or direct logon to a Windows2003 Domain Controller, but they are not members of the Domain Admins group.

Where on the server can I add them to allow local access and RDP access, with the same rights if it had a local Administrators account.

Thanks
0
Comment
Question by:Nero_Wolfe
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 3

Expert Comment

by:valrog
ID: 17090428
Why would you give non-Admins rights to a DC?  Do you know the havoc they could cause?  

Anyhow,  I think you may need to install terminal services.
0
 
LVL 1

Author Comment

by:Nero_Wolfe
ID: 17091547
Because, to satisfy auditors there can only be a limited amount of Domain Admins, which is myself and the backup account.  However i need the it staff to be able to login to the server at the console or via RDP.  I know it can be done, as i've had it done before - something to do with local policies - but I can't remember how to do it.

0
 
LVL 3

Accepted Solution

by:
valrog earned 500 total points
ID: 17092848
Open the Group Policy Management Console (gpmc.msc)

Edit the "Default Domain Controllers Policy"

Computer Configuration
 Windows Settings
  Security Settings
   Local Policies
    User Rights Assignments
    --- Allow logon locally
    --- Allow logon through terminal services


Sorry it took so long, I was working on the same problem also (Test Enviroment)
0
 
LVL 1

Author Comment

by:Nero_Wolfe
ID: 17093539
Thanks - much appreciated.  I thought it was in Policies somewhere, but just couldn't lay my hand to the location.

Thanks again.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question