Skip to main content

How to Enable a Domain User to Log on Locally on the Domain Controller in Windows Server 2003



By default a domain user is not allowed to log on locally on the domain controller. This is because of the default group policy configuration which is applied whenever a stand-alone server is promoted to a domain controller. This configuration of group policy can be modified so that a domain user account can log on locally on the domain controller. Though this is not at all recommended in production environment but for testing purpose or in lab setups this configuration can be quite handy. This configuration also helps in testing labs where there are only few computers. You can modify group policy settings to allow a domain user to log on locally to the domain controller by following the steps given below:
Log on to the domain controller with administrator account.
Click on Start button.
From the start menu go to Administrative Tools and from the sub menu select Active Directory Users and Computers.
From the opened snap on expand the domain name node .
From the list right click on the Domain Controllers organizational unit and from the context menu select Properties.
On the Domain Controllers Properties box go to Group Policy tab.
From Group Policy Object Links list select Default Domain Controller Policy and click on Edit button.
From Default Domain Controller Policy snap-in in the left pane under Computer Configuration expand Windows Settings.
Expand Security Settings.
Expand Local Policies and from the list select User Rights Assignment.
In the right pane double click on Allow log on locally.
On Allow log on locally Properties box click on Add User or Group button.
On Add User or Group box click on Browse button to open the search window.
In enter the object name to select list box type the name of the user or group that you want to provide permissions to log on locally to the domain controller and click on Check Names button. Once verified click on OK button.

Allowing Domain User Account to Log On Locally on Domain Controller
Back on Add User or Group box click on OK button and click on OK button again on Allow log on locally Properties box to accept and confirm your selection.
Close Default Domain Controller Policy snap-in and open Command Prompt by typing cmd command in Run command box.
In the opened command window type gpupdate /force command to apply the newly configured group policy settings.
You can test this configuration by logging on to the domain controller with a domain user account credentials.
Labels:

Comments

Post a Comment

Popular posts from this blog

There are currently no logon servers available to service the logon request

When bringing a new server on line, you may see an error that says: The Security System detected an authenticaton error for the server ldap/xxxxxxxt. The failure code from the authentication protocal Kerberos was "There are currently no logon servers available to service the logon request. Event id: 40960 category: SPENGO (Negotiator) (0xc000005e) This issue is the result of missing or the inability to contact the DNS SRV (SeRVice) records. You just brought a new server on line. To complete the process, the server has to register its own host A record and SVR record in DNS. To do this, Type the following at the command prompt: IPconfig /flushdns IPconfig /registerdns net stop netlogon net start netlogon flushing DNS will remove all old or improper DNS records registering dns records registers your Host A record restarting the netlogon will register your SRV records. __________________________________________________________________________________ Speaking of ...
Post a Comment
Read more

test vpn bandwidth and speed with iperf

This article explains how to use a free utility called iPerf to test the speed of a VPN connection. In this example I am running iPerf on windows but there are other versions available (i.e. Linux). Download iPerf from  http://linhost.info/2010/02/iperf-on-windows/ Put a copy on 2 computers with 1 either side of the VPN. In this example I have put in the c:\triangle folder On the “server” PC open a cmd prompt and navigate to the folder containing iperf. Note on computers running Win7 or Win2008 I recommend running the cmd prompt in elevated mode. Run the command  iperf –s On the “client” PC open a cmd prompt and again navigate to the folder containing iperf. Run the command  iperf –c After a short while the estimated bandwidth is displayed.
1 comment
Read more

How fix Virtual Memory Too low in Windows XP,Vista,Windows 7,Windows Server 2003

Some times i got the icon on below right side of my system in Windows XP,Vista,Windows 7,Windows Server 2000,2003.How can Fix this solution.Here the solution. This solution work for all types of Windows i.e windows 95 to Windows 7. Virtual Memory is the space your computer uses when it's short of RAM(Random Access Memory),which is the memory used when running programs like Microsoft word,Power Point and other application  in our system . Solution 1:   Try to increase Your RAM size. Solution 2:   Change the Paging Size of drive as shown below steps                    1.Go to MyComputer--> Right Click--> Click Properties.                    2.Click Advanced tab from  System Properties tab.                    3.Click Sett...
Post a Comment
Read more