?
Solved

How can I allow a user to login to a server without making him a administrator?

Posted on 2008-10-06
14
Medium Priority
?
201 Views
Last Modified: 2010-03-17
I need to be able to allow a user to login to the server. I know that I can make him a domain administrator but is there another way to do this?
0
Comment
Question by:microsymplex
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 2
  • +1
14 Comments
 
LVL 6

Expert Comment

by:RemcovC
ID: 22650878
Grant him the allow log on locally right (security policies)
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 22650883

If it isn't a Domain Controller you just need to ensure the user (or the required group) has the "Log on Locally" right in the local security policy.

Chris
0
 

Author Comment

by:microsymplex
ID: 22650896
It is a domain controller......
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 71

Expert Comment

by:Chris Dent
ID: 22650921

Then it would need to be done in the Default Domain Controller Policy. It's not something I'd recommend, DCs are very poor targets for user level access.

Chris
0
 

Author Comment

by:microsymplex
ID: 22650938
Yeah its actually for a tech that needs to do some testing without admin rights.  Where is the default domain controller policy?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 22650974

Even user level access to a DC is a risk. But it's your system, so as long as you're happy with the risk :)

Linked to the Domain Controllers OU in Active Directory. If you have the Group Policy Management Console you should find it quite easily. Otherwise open the properties for the Domain Controllers OU in AD Users and Computers to access the Policy.

It's set under:

Computer Configuration / Windows Settings / Security Settings / Local Policies / User Rights Assignment

Then in "Allow Log on Locally".

Bear in mind that this policy effects all of your Domain Controllers.

Chris
0
 

Author Comment

by:microsymplex
ID: 22650978
Where do I find the local security settings on the server?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 22651020

Start, Run, gpedit.msc.

Chris
0
 

Author Comment

by:microsymplex
ID: 22651042
duh... brain fart... ok but now allow logon locally is grayed out.
0
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22651138
Why cant you make this user as a member of local admin of that server.....
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 22651161

Domain Controllers don't have local admin groups...

Chris
0
 
LVL 6

Expert Comment

by:RemcovC
ID: 22651218
domain controllers won't allow local policy change, you have to adjust de default domain policy

Go to Active Directory users and computers, find th OU in which your DC is, rightclick the OU and select properties.
Go to policy tab and edit the policy on this OU.
0
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22651231
oops sorry chris..did not see microsymplex comment(It is a domain controller......)....:):):)
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 22651259

> duh... brain fart... ok but now allow logon locally is grayed out.

Yeah, you need to be using the Default Domain Controllers Policy :) That's only where you find the local policy.

Chris
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question