• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 205
  • Last Modified:

How can I allow a user to login to a server without making him a administrator?

I need to be able to allow a user to login to the server. I know that I can make him a domain administrator but is there another way to do this?
0
microsymplex
Asked:
microsymplex
  • 6
  • 4
  • 2
  • +1
1 Solution
 
RemcovCCommented:
Grant him the allow log on locally right (security policies)
0
 
Chris DentPowerShell DeveloperCommented:

If it isn't a Domain Controller you just need to ensure the user (or the required group) has the "Log on Locally" right in the local security policy.

Chris
0
 
microsymplexAuthor Commented:
It is a domain controller......
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
Chris DentPowerShell DeveloperCommented:

Then it would need to be done in the Default Domain Controller Policy. It's not something I'd recommend, DCs are very poor targets for user level access.

Chris
0
 
microsymplexAuthor Commented:
Yeah its actually for a tech that needs to do some testing without admin rights.  Where is the default domain controller policy?
0
 
Chris DentPowerShell DeveloperCommented:

Even user level access to a DC is a risk. But it's your system, so as long as you're happy with the risk :)

Linked to the Domain Controllers OU in Active Directory. If you have the Group Policy Management Console you should find it quite easily. Otherwise open the properties for the Domain Controllers OU in AD Users and Computers to access the Policy.

It's set under:

Computer Configuration / Windows Settings / Security Settings / Local Policies / User Rights Assignment

Then in "Allow Log on Locally".

Bear in mind that this policy effects all of your Domain Controllers.

Chris
0
 
microsymplexAuthor Commented:
Where do I find the local security settings on the server?
0
 
Chris DentPowerShell DeveloperCommented:

Start, Run, gpedit.msc.

Chris
0
 
microsymplexAuthor Commented:
duh... brain fart... ok but now allow logon locally is grayed out.
0
 
sk_raja_rajaCommented:
Why cant you make this user as a member of local admin of that server.....
0
 
Chris DentPowerShell DeveloperCommented:

Domain Controllers don't have local admin groups...

Chris
0
 
RemcovCCommented:
domain controllers won't allow local policy change, you have to adjust de default domain policy

Go to Active Directory users and computers, find th OU in which your DC is, rightclick the OU and select properties.
Go to policy tab and edit the policy on this OU.
0
 
sk_raja_rajaCommented:
oops sorry chris..did not see microsymplex comment(It is a domain controller......)....:):):)
0
 
Chris DentPowerShell DeveloperCommented:

> duh... brain fart... ok but now allow logon locally is grayed out.

Yeah, you need to be using the Default Domain Controllers Policy :) That's only where you find the local policy.

Chris
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 6
  • 4
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now