Re: Windows Logon Access
- From: "Tim Chin" <donotemail>
- Date: Tue, 7 Aug 2007 09:13:52 -0500
This is because 'Domain Users' is in the 'Users' group of every domain
member by default. Only Administrators, Backup Operators, Guest, Power
Users, & Users can logon interactively to domain members.
You need to add your new global group to one of those groups on machines
that the users need to logon to or simply give the new global group 'Log on
locally' privileges to their respective set of machines via GPO or similar.
This setting is under 'Computer Configuration', 'Windows Settings',
'Security Settings', 'Local Policies', 'User Rights Assignment', 'Log on
locally'.
Note: If you modify this setting in group policy, be sure to place all
users/groups that you want to log on locally into the GPO as it will replace
the list, not append.
--
Tim
"Nphil" <Nphil@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0CB6FF4A-084A-43AF-9126-091ED4968DEE@xxxxxxxxxxxxxxxx
When I remove a user fromthe Domain User group that user is not able to
logon
to the domain any at all. It there anyway to specifiy a new group as thw
primary group and still have the user logon to the domain and gain access
to
only explicit resources that this new global group has access to?
please help.
.
- Prev by Date: Re: App to create Domain Diagram showing Rep Partners?
- Next by Date: RE: "Guest mode" in WiFi RADIUS?
- Previous by thread: Re: Windows Logon Access
- Next by thread: Tombstone Objects
- Index(es):
Relevant Pages
|
