Click here to get back home

log onto a DC for non domain admins
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
log onto a DC for non domain admins Nathan 11-15-2005
Posted by Nathan on November 15, 2005, 9:25 am
Please log in for more thread options
 What are the minimum permissions needed to log onto a DC and restart a DC
via TS. Is there an existing group?

Our team wants to use actual domain admin privileges as little as possible.
We have successfully delegated user/group/replication but still need to log
onto a DC for restarts.

Thanks

Nathan





Posted by Steven L Umbach on November 15, 2005, 3:03 pm
Please log in for more thread options
 If the server is Window 2000 the user will need the user right to logon
locally and the user will need the user right to shut down the system. ---
Steve


> What are the minimum permissions needed to log onto a DC and restart a DC
> via TS. Is there an existing group?
>
> Our team wants to use actual domain admin privileges as little as
> possible. We have successfully delegated user/group/replication but still
> need to log onto a DC for restarts.
>
> Thanks
>
> Nathan
>
>
>




Posted by Miha Pihler [MVP] on November 15, 2005, 7:11 pm
Please log in for more thread options
Hi Nathan,

Did you allow your users RDP connection to the server?

Remote desktop connection "The local policy of this system does not permit
you to logon interactively"
http://support.microsoft.com/default.aspx?scid=kb;en-us;289289

--
Mike
Microsoft MVP - Windows Security

> What are the minimum permissions needed to log onto a DC and restart a DC
> via TS. Is there an existing group?
>
> Our team wants to use actual domain admin privileges as little as
> possible. We have successfully delegated user/group/replication but still
> need to log onto a DC for restarts.
>
> Thanks
>
> Nathan
>
>
>




Posted by Roger Abell [MVP] on November 15, 2005, 10:43 pm
Please log in for more thread options
You could try making them Server Operators, although this would
carry more than just what you have here specified, but it may be
that if they are to be able to reboot a DC they will also have these
other duties. In addition then they would need login/ts grants.

--
Roger Abell
Microsoft MVP (Windows Server : Security)
MCDBA, MCSE W2k3+W2k+Nt4
> What are the minimum permissions needed to log onto a DC and restart a DC
> via TS. Is there an existing group?
>
> Our team wants to use actual domain admin privileges as little as
> possible. We have successfully delegated user/group/replication but still
> need to log onto a DC for restarts.
>
> Thanks
>
> Nathan
>
>
>




Similar ThreadsPosted
Domain admins October 12, 2007, 9:38 am
Restricting Domain Admins June 1, 2005, 5:32 pm
AD administrators and domain admins groups April 25, 2006, 12:26 pm
Added to Domain Admins but removed again automatically March 7, 2008, 1:53 pm
Admin shares no longer accessible for users not in domain admins April 22, 2006, 8:09 am
Local admins June 15, 2007, 2:13 am
Admins acount policy June 7, 2007, 9:15 am
protect admins account June 7, 2007, 10:19 am
"Best Practices" Guidelines for New Network Admins December 26, 2006, 1:59 pm
Rules for admins group accounts&passwords June 7, 2007, 8:15 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap