If you’re trying to work with Windows 2008 domain controllers, things have changed slightly (read-buried). Allowing a user to allow logon locally to the controller is a bit more complex than in 2003.
Grant a Member the Right to Logon Locally
Applies To: Windows Server 2008 R2
Domain controllers, by default, restrict the types of user accounts that have the ability to log on locally. By default, only members of the Account Operators, Administrators, Backup Operators, Print Operators, and Server Operators groups have the Allowed logon locally system right. If you want to grant a user account the ability to log on locally to a domain controller, you must either make that user a member of a group that already has the Allowed logon locally system right or grant the right to that user account.
No comments:
Post a Comment