I don't know if anyone tried this Windows 2008 R2 but I am trying to see if I could grant access to log on locally for one specific user (non admin) on a specific Windows 2008 R2 controller to act as a sort of "server operator".
I mainly want this user to be able to reboot the server if there is some problem with it and also copy a few files between folders as well as checking if the backup performed well.
However, this user should not have access to see the directory tree (because I do not want him to view other usernames from other business units in the same AD domain.
I was thinking about trying for a start to grant him a local "allow to log on locally" right directly on the DC in question but even with the domain administrator account, this setting is grayed out.
Any clue on how I could achieve that? I absolutely can't grant this user administrators rights.