Link to home
Start Free TrialLog in
Avatar of bossco
bosscoFlag for United States of America

asked on

Log on Locally

I have no idea how long this has been in our Default Domain Policy, I have a hunch it was my predecessor from years back and just has never been noticed before today.  But in the Default Domain Policy, the Log On Locally policy has been defined to be:

Authenticated Users
DOMAIN NAME\Administrator

So the obvious concern is that any Joe Blow user in the domain would be able to log on to any machine, which is not the worse thing in the world but that also includes domain controllers right now as this policy is defined for the entire domain.  

Reading through that policy the default is set to:

• On workstations and servers: Administrators, Backup Operators, Power Users, Users, and Guest.
• On domain controllers: Account Operators, Administrators, Backup Operators, and Print Operators.

I would like to simply UNDEFINE this policy and let it go back to the default.  My current thinking is just unchecking the box "Define these policy settings:" and let it revert back to default.  

The question is will that revert back to the default or is every person going to be locked out of the domain once I do that?
Avatar of Sarang Tinguria
Sarang Tinguria
Flag of India image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of bossco


So will marking it as undefined just clear it and it will go back to using the defaults or should I redefine it as that?
No, as sarang told you, it's alright as it is. That policy does not even get applied at your servers.
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.