What is the lest privilege needed to log on to a Windows Server 2008?

Posted on 2009-12-28
Medium Priority
Last Modified: 2012-05-08
I am studying for a microsoft certification - focusing on Windows Server 2008. In the course litterature one is supposed to log on to the server from time to time as a regular user - to test several different things. This is supposed to be possible if the user account is added to the "print operator" group (as a least privilege needed, to log on to the server).

But I am not able to log in to the server, being a member of the "print operators", and "domain users" - I just get the message that the logon failed with these credentials. Is there some other group which I should use instead?

(I know this is not best practice in a real production environment.)
Question by:andre_st
  • 2
LVL 17

Expert Comment

by:Premkumar Yogeswaran
ID: 26136353
Is it is a member server or Domain controller?
LVL 17

Accepted Solution

Premkumar Yogeswaran earned 1000 total points
ID: 26136360
You can login to member server with least privilage ig you are having Domain Users

But to login to DC check the link below

Author Comment

ID: 26136659
It is a domain controller.

I am at work now, so I couldnt test this on the computers I am using for my studying. but I tested it on the domain controller here at work, and I got no problems logging on to the server, once I was a member of the "print operators". Although the potential problem of logging in with terminal services was not an issue in my case - I also tested it. After modifying the group policy, I also could log in remotely.

I have to test this again at home, as I was allready member of the print operators, and I only tried to log in locally. Perhaps it is a setting in the domain controller Group Policy object. I´ll get back to you on that one.
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 1000 total points
ID: 26137942
You have to add the group of users you want to logon with to the Domain controller group policy but you need to be careful on who you add to your DC.

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
I’m willing to make a bet that your organization stores sensitive data in your Windows File Servers; files and folders that you really don’t want making it into the wrong hands.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question