• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 46
  • Last Modified:

Windows 2016 local access for Domain User

Windows 2016 Standard. You used to be able to turn on "Logon locally" and add users. Not an option now, well it's there but cannot modify. Don't want to go to the expense of RDS CALs, for a single user, to access a single app. Planning on using an en expensive remote connection tool, is there a work around or idea anyone can share?
0
Harold
Asked:
Harold
  • 9
  • 8
2 Solutions
 
McKnifeCommented:
If you cannot modify it, it's set by a domain policy. Start rsop.msc at the server - its output will tell you which policy is responsible so you can edit it.
0
 
HaroldNetwork EngineerAuthor Commented:
@McKnife....what am I looking for? I see the same as if I was editing to change. Buttons grey.
0
 
McKnifeCommented:
There is a column that would should which policy has set this, right there where you are looking at in rsop.msc
0
Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

 
HaroldNetwork EngineerAuthor Commented:
Default domain controller policy, as I have setup no more than drive mappings. Literally brand new box.
0
 
McKnifeCommented:
So that tells you, it's set in the default domain controllers policy and that's where you could modify it, if you indeed wanted to let users logon to your domain controller (should be avoided!).
0
 
HaroldNetwork EngineerAuthor Commented:
@McKnife, so I'm in GPedit correct, to modify? I know it's not suggested, but it's a one user, sparse usage.
0
 
McKnifeCommented:
If you fully trust that user himself AND also trust his behavior to be secure when it comes to guarding his credentials (this, I wouldn't do even for closest colleagues), you may do that.

Yes, in gpedit.msc, modify that section in the def. domain controllers policy.
0
 
HaroldNetwork EngineerAuthor Commented:
@Mcknife, I totally respect that and with that being said, options would be remote to a desktop, then resources needed or setup RDS?
0
 
McKnifeCommented:
Without installing the RDSH role, you may use two rdp sessions at a time for administrative purposes only.
Else, non-administrative, would require the RDSH role and with ut, you'd need to buy CALs.
0
 
HaroldNetwork EngineerAuthor Commented:
@McKnife right, that is the reason for me thinking I can just give this user general access as user and not logging in as RDP Admin account. This not applicable in this scenario?
0
 
McKnifeCommented:
I don't know if license terms explicitly forbid non-administrative usage over rdp, but it could be. Technically, it would work, but if you may and want to do it, is up to you to find out.
0
 
HaroldNetwork EngineerAuthor Commented:
Never could find where to change, this always grey buttons.

Thanks
0
 
McKnifeCommented:
So you found out, it was set in the default domain controllers policy - you will be able to change it there, won't you?
0
 
HaroldNetwork EngineerAuthor Commented:
I saw the area the default domain controller policy but the buttons are still grey.
0
 
McKnifeCommented:
Where? If you open the default domain controller policy, you can edit them - no ifs or buts.
0
 
HaroldNetwork EngineerAuthor Commented:
@McKnife...thanks...I was doing it all wrong. I see it now. We have a temp connection to a desktop, to see if that works for them, if not I may do this.

Regards
0
 
HaroldNetwork EngineerAuthor Commented:
thanks again
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 9
  • 8
Tackle projects and never again get stuck behind a technical roadblock.
Join Now