Harold
asked on
Windows 2016 local access for Domain User
Windows 2016 Standard. You used to be able to turn on "Logon locally" and add users. Not an option now, well it's there but cannot modify. Don't want to go to the expense of RDS CALs, for a single user, to access a single app. Planning on using an en expensive remote connection tool, is there a work around or idea anyone can share?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
There is a column that would should which policy has set this, right there where you are looking at in rsop.msc
ASKER
Default domain controller policy, as I have setup no more than drive mappings. Literally brand new box.
So that tells you, it's set in the default domain controllers policy and that's where you could modify it, if you indeed wanted to let users logon to your domain controller (should be avoided!).
ASKER
@McKnife, so I'm in GPedit correct, to modify? I know it's not suggested, but it's a one user, sparse usage.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
@Mcknife, I totally respect that and with that being said, options would be remote to a desktop, then resources needed or setup RDS?
Without installing the RDSH role, you may use two rdp sessions at a time for administrative purposes only.
Else, non-administrative, would require the RDSH role and with ut, you'd need to buy CALs.
Else, non-administrative, would require the RDSH role and with ut, you'd need to buy CALs.
ASKER
@McKnife right, that is the reason for me thinking I can just give this user general access as user and not logging in as RDP Admin account. This not applicable in this scenario?
I don't know if license terms explicitly forbid non-administrative usage over rdp, but it could be. Technically, it would work, but if you may and want to do it, is up to you to find out.
ASKER
Never could find where to change, this always grey buttons.
Thanks
Thanks
So you found out, it was set in the default domain controllers policy - you will be able to change it there, won't you?
ASKER
I saw the area the default domain controller policy but the buttons are still grey.
Where? If you open the default domain controller policy, you can edit them - no ifs or buts.
ASKER
@McKnife...thanks...I was doing it all wrong. I see it now. We have a temp connection to a desktop, to see if that works for them, if not I may do this.
Regards
Regards
ASKER
thanks again
ASKER