We want to give Domain User to Read Only access Main Domain Controller (via remote desktop) to create documentation about this server. Does some one know how to accomplish this? below is the request from our regional IT in oversea
- IP address & name of your domain controler server(s)
- account (ID & password) with read-only access to this(these) server(s) ; with both forms : "net bios domain name "\"user name" and "user name"@"domain name" (upn)
i have created an normal account and added this account into "computer configuration" -> window setting -> security setting -> local policies -> user right assignment -> allow logon locally , and put the account into "remote desktop group in server", i have tried to use the created account to login via remote desktop, it doesnt allow, it said i have to add this account into terminal services and remote desktop user group, which i already did, and then i have added this account into administrators group, and it could remote with the account, but found out that the account can login to the server (via remote desktop) and has full rights to delete and create account, how do i only gain this account read only ? do i need to set delegate control ? to allow only read for this account ?