New Active Directory Documents for IT Pros Allow logon locally to a domain controller - Active Directory Documentation Team - Site Home - TechNet Blogs

Active Directory Documentation Team

Information for IT Professionals who work with Active Directory. All blog posts are provided "AS IS" with no warranties, and confer no rights.

Allow logon locally to a domain controller

Allow logon locally to a domain controller

  • Comments 6
  • Likes

We finally published the procedures for allowing a user or group to logon locally (at the console) to a domain controller. All the administrative groups, like server operators, backup operations, account operations, and administrators have this right by default. However, when an application gets installed on a domain controller and you want to logon to a domain controller using a management account for that application, you might need to grant that account the right to logon locally. The procedure for doing so is published as Grant a Member the Right to Logon Locally.

This posting is provided "AS IS" with no warranties, and confers no rights.

Comments
  • Hi,

    I have a off track question related to the documentation of Virtual Accounts introduced in Win7 and 2008 R2.

    This link below at the end talks about virtual accounts little bit.

    http://technet.microsoft.com/en-us/library/dd548356(WS.10).aspx

    Could you please through some light on how we use, scenerios it will be fit into etc etc.....

  • Thanks for the question. I was planning to answer here with what we've developed thus far, which isn't quite complete. Then, I realized that I could put it on the TechNet Wiki and other people could help flesh it out. Go to the TechNet Wiki "social.technet.microsoft.com" and check it out "Managed Service Accounts (MSAs) versus virtual accounts in Windows Server 2008 R2"

    Thanks!

  • Thanks a lot for the information Kurt. I really appreciate your response as I have been not finding any info on this.

  • Hi Guys , How to give access for allowing to log in locally to a domain user ?

  • Add the domain user name to the Grant a Member the Right to Logon Locally policy - as linked to above.

  • I'm using SBS 2011 but I can't get Group Policy to allow a certain user (who is also an administrator) to log on to the SBS server locally. I've added their user name to the domain controller's Allow log on locally settings but it's not having any effect.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment