Tuesday, January 4, 2011

Grant a Member the Right to Logon Locally

Applies To: Windows Server 2008 R2

Grant a user or group the right to log on locally to the domain controllers in the domain

  1. Click Start, type gpmc.msc, and then press ENTER.
  2. Double-click the name of the forest, double-click Domains, double-click the name of the domain in which you want to join a computer, right-click Default Domain Controllers Policy, and then click Edit.
  3. In the console tree, expand Computer Configuration, Policies, Windows Settings, Security Settings, and Local Policies, and then click User Rights Assignment.
  4. In the details pane, double-click Allow Logon Locally.
  5. Ensure that the Define these policy settings check box is selected, and then click Add User or Group.
  6. Type the name of the account that you want to allow to log on locally. As an alternative, click Browse to locate the account with the Select Users, Computers, or Groups dialog box, and then click OK.
  7. After you have the account name entered, click OK in the Add User or Group dialog box, and then click OK in the Allow log on locally Properties dialog box.
securitySecurity Note
The domain controllers in the domain share the Default Domain Controllers Group Policy object (GPO). When you grant an account the Allow logon locally right, you are allowing that account to log on locally to all domain controllers in the domain.

No comments:

Post a Comment