Allow Interactive Logon to Domain Controllers in Windows Server 2008

Vivek Nayyar June 20, 2011 2

Under normal circumstances in any production environment where active directory domain-based infrastructure is established administrators do not allow any user to logon to the domain controller interactively (logon to the domain controller right from the domain controller itself). This is the default configuration that is set in the group policy and the group policy is linked to Domain Controllers organizational unit. However in test environments or lab setups this default configuration can be modified by the administrators and local user accounts can be allowed to log on to the domain controllers interactively for testing purpose. As an administrator you can do so by following the steps given below:

1.       Logon to Windows server 2008 domain controller with domain admin credentials.

2.       Open Group Policy Management Console and locate and expand Domain Controllers organizational unit.

3.       Right click on the linked Default Domain Controllers Policy group policy and from the available menu click on Edit.

4.       From the opened snap-in expand Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies and then select User Rights Assignment.

5.       From the right pane double-click on Allow log on locally and from the opened box click on Add User or Group to add the desired user or group to which you want to grant permission of local logon.

Allow Users Logon Locally on Domain Controller

6.       Once done, click on Ok button on all the opened boxes and type gpupdate /force command in the command window to make the changes permanent and update settings.

2 Comments »

  1. LLaszlo August 2, 2011 at 12:35 pm - Reply

    You need yet set up user for “Allow log on through Remote Desktop Services”

Leave A Response »