StephRu
asked on
How to : domain user can log on remotely on a Windows 2012 Server
I thought this was going to be simple, but I'm stuck, need your help :)
I would like to give the right to a domain user to be able to log on remotely on a Windows 2012 Server.
- Step 1 : give the rights to the user to log on remotely (right click on computer, properties, remote settings, "allow remote connections to this computer").
- Step 2 : give the rights to the user to open a session on the server. To do so, I read that I would go in the group policy management, domain controller policy, edit, windows settings, security settings, user rights assignment, log on locally. I see that the usual groups are there (administrator, server operators, print operators, and so on... and I add there my user.
Gpupdate /force... and then I check in RSOP. Red cross :
"The policy default domain controllers policy resulted in the following error : No mapping between accounts names and security IDs was done. For more information, check the logs".
In my log :
"Error 1332" : No mapping between account names and security IDs was done. Cannot find server".
Huh ? Cannot find server Oo ? All I did was to add a domain user to have the right to log on locally.
All I can find on the web is people saying if I removed people from lists etc... but this is not the case. I want to add one user, and that user is clearly in the AD.
If I remove the user, the error is still there! I'm lost ...
Thanks for your help !
I would like to give the right to a domain user to be able to log on remotely on a Windows 2012 Server.
- Step 1 : give the rights to the user to log on remotely (right click on computer, properties, remote settings, "allow remote connections to this computer").
- Step 2 : give the rights to the user to open a session on the server. To do so, I read that I would go in the group policy management, domain controller policy, edit, windows settings, security settings, user rights assignment, log on locally. I see that the usual groups are there (administrator, server operators, print operators, and so on... and I add there my user.
Gpupdate /force... and then I check in RSOP. Red cross :
"The policy default domain controllers policy resulted in the following error : No mapping between accounts names and security IDs was done. For more information, check the logs".
In my log :
"Error 1332" : No mapping between account names and security IDs was done. Cannot find server".
Huh ? Cannot find server Oo ? All I did was to add a domain user to have the right to log on locally.
All I can find on the web is people saying if I removed people from lists etc... but this is not the case. I want to add one user, and that user is clearly in the AD.
If I remove the user, the error is still there! I'm lost ...
Thanks for your help !
Hi,
Are you trying to grant log on locally right for a user in a Domain Controller? If there server is not a Domain Controller then you dont need to edit Domain Controller policy.
If the Server is a member server in the Domain, then you could add the user to any of the following local groups.
Administrators
Backup Operators
Print Operators
These groups have log on locally permission assigned on servers.
Also, you could open local group policy settings by running 'gpedit.msc' and then browse to windows settings, security settings, user rights assignment, log on locally and add the user there. This too will work the same way.
Are you trying to grant log on locally right for a user in a Domain Controller? If there server is not a Domain Controller then you dont need to edit Domain Controller policy.
If the Server is a member server in the Domain, then you could add the user to any of the following local groups.
Administrators
Backup Operators
Print Operators
These groups have log on locally permission assigned on servers.
Also, you could open local group policy settings by running 'gpedit.msc' and then browse to windows settings, security settings, user rights assignment, log on locally and add the user there. This too will work the same way.
ASKER
Hi SreRaj,
Yes, it's a domain controller, sorry for not stating this in my first post.
I don't want the profile to be an administrator, can't I just add the user name ?
I cannot use the local group policy because these settings are controlled by group policies (the options are greyed).
Yes, it's a domain controller, sorry for not stating this in my first post.
I don't want the profile to be an administrator, can't I just add the user name ?
I cannot use the local group policy because these settings are controlled by group policies (the options are greyed).
ASKER
What about "log on through remote desktop services" ? Should I change anything in that policy ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
- Account operators
- Administrators
- Backup Operators
- Enterprise Domain controllers
- Print operators
- Server
- Server operators
There is no "server" in my AD... should I remove it ?