Re: Move W2K3 server to it's own OU seperate from SBS (MyBusiness) OU

Tech-Archive recommends: Fix windows errors by optimizing your registry

---

• From: "kj [SBS MVP]" <KevinJ.SBS@xxxxxxxxxxxxxxxxxx>
• Date: Wed, 16 Jan 2008 14:33:21 -0700

---

California SBS Dreaming wrote:

For most policies yes I can. But the two I'm concerned about and need
to manage are "allow to log on locally" and "log on as a service".
These services the "Add" option is greyed out because they are define
and inherited from the SBS server. I'm afraid you do not quite
understanding my post Les. I have no problems creating the local
account on the member server. I need to able to add this local
account to the local policy. Hence my reasoning to moving it out of
the MyBusiness OU. I don't want the member server to get the ploicies
from the SBS server.

There's more than one way to skin that cat, Cal. You can make a new OU, use
the builtin Computers container, or you can filter out the SBS group policy
settings, and other ways too. If all you need is to change the logon
locally, then I'd probably add my own, filter it for ONLY the server in
question, and make it higher on the policy list so it'll take prcendence.

"Les Connor [SBS MVP]" <les.connor@xxxxxxxxxxxx> wrote in message
news:9F2399E5-6A87-4E97-8D42-68267F061F31@xxxxxxxxxxxxxxxx

If you log onto the member server, and right click my computer >
manage, do you not see local users and groups? Can you not add a
local user here, and/or add a domain user account to the local user
group? --
Les Connor [SBS MVP]


"California SBS Dreaming" <noreply@xxxxxxxxxxx> wrote in message
news:Opng5cGWIHA.5208@xxxxxxxxxxxxxxxxxxxxxxx

Les,
Thank you for you for taking the time and your input. I stated in
my post that this program "requires" a local non admin account. It
will not work with a domain account. This W2K3 server is a member
server only. So I need to be able to grant this local account the
right to "log on as a service" on the local machine. Hence the
reason why I need to be able to manage the local group policy on
the server. "Les Connor [SBS MVP]" <les.connor@xxxxxxxxxxxx> wrote in
message
news:091C6019-18FA-43D1-A329-9FD15635F5EB@xxxxxxxxxxxxxxxx

Is the member server a DC? If so, it has no local users. I'd
suggest it shouldn't be a DC, but even so, you should be able to
create and use a domain user account for the service.

--
Les Connor [SBS MVP]


"California SBS Dreaming" <noreply@xxxxxxxxxxx> wrote in message
news:O6jT7u7VIHA.5348@xxxxxxxxxxxxxxxxxxxxxxx

I am running SBS 2003 Premium SP1. I've also got a W2K3 Standard
SP1 server that is part of the SBS domain. I need to install an
application that requires a non administrative "local" account
and given the right to "log on as a service" on the local machine.
Well my issue is that because the W2K3 server is in the SBS
MyBusiness OU it inherits the GPO from the SBS server and of
course we all know that I cannot add a local machine account to
allow it to "log on as a service". I also cannot edit or add a
local machine account to the local policies. OK not a problem I
said. I'll just create a new OU and move the W2K3 server there
which I did. My problem is that I still cannot add or edit the
"log on as a service" on the local machine. It appears to still
be inheriting it's policies from the SBS server. I think my
problem is that I may have created the new OU at the wrong level
of the forest. The SBS "MyBusiness" OU resides on the tree under
domain.local which is the same level where I create this new OU
and moved the W2K3 server to. I want to be able to control local
policies on the W2K3 server. Did I create the OU at the wrong
level of my forest tree?

--
/kj


.

---

• References:
  • Move W2K3 server to it's own OU seperate from SBS (MyBusiness) OU
    • From: California SBS Dreaming
  • Re: Move W2K3 server to it's own OU seperate from SBS (MyBusiness) OU
    • From: California SBS Dreaming
  • Re: Move W2K3 server to it's own OU seperate from SBS (MyBusiness) OU
    • From: Les Connor [SBS MVP]
  • Re: Move W2K3 server to it's own OU seperate from SBS (MyBusiness) OU
    • From: California SBS Dreaming

• Prev by Date: Re: External email recipient
• Next by Date: Re: SBS 2003, Linksys Wireless Router & XP Notebook
• Previous by thread: Re: Move W2K3 server to it's own OU seperate from SBS (MyBusiness) OU
• Next by thread: Re: Move W2K3 server to it's own OU seperate from SBS (MyBusiness) OU
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: Getting alot of these emails ... Thank you for posting in the SBS newsgroup. ... this issue can occur if your SBS 2003 server is ... Disable the Guest account in your SBS 2003 server and enable Stronger ... Microsoft is providing this information as a convenience to you. ... (microsoft.public.windows.server.sbs) RE: Help .. Small Business Server Error may be DNS ? ... Thank you for posting in SBS newsgroup. ... issue can occur when you restart the SBS 2003 server. ... resource from the network with a bad password or an account that was locked ... (microsoft.public.windows.server.sbs) Re: connect computer setup fails ... The administrator account you use to login - this is an account with ... Les Connor [SBS MVP] ... > willswing01 is the SBS server. ... (microsoft.public.windows.server.sbs) Re: SMB2K3 Prem: Setup with Dynamic DNS Service TZO ... SBS 2003 DDNS and Email Setup Procedure... ... DDNS account so that you can always have access to your server, ... The preferred network setup is 2 NICs in the SBS server plus a router. ... (microsoft.public.windows.server.sbs) Re: Client Network settings ... change of the domain machine account password. ... the other option would be to create 3 VPC ws images. ... or one complete SBS install and then copy that hard drive? ... I connect to the SBS server? ... (microsoft.public.windows.server.sbs)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.sbs  > 2008-01