|
Posted by oysteint@gmail.com on July 18, 2005, 2:15 am
Please log in for more thread options
Hi,
Running a Windows mixed AD domain, and on one machine we have a local
useraccount which I want to grant access to log onto that machine as a
service and batch job.
I know I can add the local account to the domain policy, but that would
give it access to log onto all machines, and not just the one I want it
to be on.
Øystein
|
|
Posted by Roger Abell on July 18, 2005, 8:25 am
Please log in for more thread options
If you are controlling the login User Rights from AD's GPOs, then you
need to define an overriding GPO for that one machine in which you
specify the exceptional values the machine requires.
--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
Hi,
Running a Windows mixed AD domain, and on one machine we have a local
useraccount which I want to grant access to log onto that machine as a
service and batch job.
I know I can add the local account to the domain policy, but that would
give it access to log onto all machines, and not just the one I want it
to be on.
Øystein
|
|
Posted by Steven L Umbach on July 18, 2005, 10:30 am
Please log in for more thread options Then do it in Local Security Policy on just that computer. If that computer
has it's local settings being overridden by a higher priority Group Policy
such as domain/OU level then put that computer in its own Organizational
Unit with a Group Policy linked to it with those user rights configured per
your needs. Keep in mind that you can create a child OU from an existing OU
to do this. Then the computer in that child OU will still inherit all the
Group Policy/security policy settings it currently is from higher priority
policies other then settings configured in the child OU. The exception
would be if a higher level Group Policy is configured to be "no override"
which is not by default for any GPO. --- Steve
Hi,
Running a Windows mixed AD domain, and on one machine we have a local
useraccount which I want to grant access to log onto that machine as a
service and batch job.
I know I can add the local account to the domain policy, but that would
give it access to log onto all machines, and not just the one I want it
to be on.
Øystein
|
| Similar Threads | Posted | | Is local system account member of local Administrators group? | June 21, 2005, 11:33 am |
| Local Administrator Account | April 17, 2007, 7:28 pm |
| Local Administrator as service log on account | January 11, 2006, 3:51 am |
| Find SID for a local user Account | March 6, 2006, 3:05 pm |
| Re: Copying Local Account Permissions | May 9, 2008, 6:50 am |
| Re: Copying Local Account Permissions | May 9, 2008, 2:39 pm |
| Re-Enabling Local Administrators Account | July 3, 2008, 2:37 am |
| Best practices for local admin account on servers? | June 2, 2006, 1:46 pm |
| Local account tries to authenticate to DC when service starts | August 14, 2006, 10:09 am |
| can I connect to an external server using a local account? | February 20, 2008, 12:45 pm |
|
XML Sitemap