By default a domain user is not allowed to log on locally on
the domain controller. This is because of the default group policy
configuration which is applied whenever a stand-alone server is promoted to a
domain controller. This configuration of group policy can be modified so that a
domain user account can log on locally on the domain controller. Though this is
not at all recommended in production environment but for testing purpose or in
lab setups this configuration can be quite handy. This configuration also helps
in testing labs where there are only few computers. You can modify group policy
settings to allow a domain user to log on locally to the domain controller by
following the steps given below:
Log on to the domain controller with administrator account.
Click on Start button.
From the start menu go to Administrative Tools and from the sub menu select Active Directory Users and Computers.
From the opened snap on expand the domain name node .
From the list right click on the Domain Controllers
organizational unit and from the context menu select Properties.
On the Domain Controllers Properties box go to Group Policy
tab.
From Group Policy Object Links list select Default Domain
Controller Policy and click on Edit button.
From Default Domain Controller Policy snap-in in the left
pane under Computer Configuration expand Windows Settings.
Expand Security Settings.
Expand Local Policies and from the list select User Rights
Assignment.
In the right pane double click on Allow log on locally.
On Allow log on locally Properties box click on Add User or
Group button.
On Add User or Group box click on Browse button to open the
search window.
In enter the object name to select list box type the name of
the user or group that you want to provide permissions to log on locally to the
domain controller and click on Check Names button. Once verified click on OK button.
Allowing Domain User Account to Log On Locally on Domain
Controller
Back on Add User or Group box click on OK button and click
on OK button again on Allow log on locally Properties box to accept and confirm
your selection.
Close Default Domain Controller Policy snap-in and open
Command Prompt by typing cmd command in Run command box.
In the opened command window type gpupdate /force command to
apply the newly configured group policy settings.
You can test this configuration by logging on to the domain
controller with a domain user account credentials.
Comments