Printable Version of Topic

Click here to view this topic in its original format

914World.com _ 914World Garage _ OT: Is anyone a Windows 2000 Adv. Server admin

Posted by: bd1308 Aug 11 2005, 10:42 AM

I got Terminal Services working....

My server is a domain controller.

I created a user for my brother to login with...

as Administrator I am able to login
my brother (in the Users group) cannot login....

gives him this error:
"The Local Security Policy of this system does not allow you to login interactively"

I can't find anything concerning this in the local security snap-in or the domain controller configs

I tried a google search, but that applied to the 2003 server.....

Posted by: ClayPerrine Aug 11 2005, 11:03 AM

5 years working for Microsoft support kinda makes me qualified to answer.

On a Domain controller it is required that a user be a member of the domain admins group to log in locally. To use terminal services in remote admin mode, you have to have log on locally rights.

In short, you can do 2 things.

1. Setup custom permissions to allow your brother to log on locally. This would mean manually setting permissions on the Domain controller.

2. Make him a domain admin.


The first one is more secure, the second is easier.


Clay Perrine, MCSE
International Network Services



Posted by: Eddie Williams Aug 11 2005, 11:20 AM

QUOTE (ClayPerrine @ Aug 11 2005, 11:03 AM)
On a Domain controller it is required that a user be a member of the domain admins group to log in locally.

Or be added to the Log in Locally user right. If it's a domain controller look in the GPO for Domain Controllers add the user to the User Rights Assignment policy (not the Default GPO for the Domain).

Eddie Williams, MCSE
PESystems, Inc.

Posted by: SirAndy Aug 11 2005, 12:06 PM

QUOTE (ClayPerrine @ Aug 11 2005, 10:03 AM)
The first one is more secure, the second is easier.

agree.gif

Andy Schmidt, CTO
veriLegal, Inc.

Posted by: redshift Aug 11 2005, 12:30 PM

Brit...

beer3.gif driving.gif



Miles Hendrix
Tidewater/TSiM Publishing

Posted by: rhodyguy Aug 11 2005, 01:33 PM

a little as i know... your trying to give your brother use of win2000 without having to buy it? i know i recieve updates frequently. won't ms catch on? like i said. i know nozzing (sgt shultz voice). HOGAAAAN!!!

k

Posted by: bd1308 Aug 11 2005, 05:34 PM

so clay, why can't I just enable some login locally thing in the domain controller settings? for the domain users group...

Posted by: mharrison Aug 11 2005, 05:45 PM

Here is your answer.

Why it doesn't work, how to make it work:

http://support.microsoft.com/default.aspx?scid=kb;en-us;q247989

I don't know if I'm qualified, but I can get the job!

Matt Harrison MCSE, CCA
Trustmark National Bank

Posted by: redshift Aug 11 2005, 05:52 PM

DOMAIN DOMAIN DOMAIN

LOCAL LOCAL LOCAL



M

Posted by: bd1308 Aug 11 2005, 05:57 PM

okay...


thank you!

Powered by Invision Power Board (http://www.invisionboard.com)
© Invision Power Services (http://www.invisionpower.com)