How to setup logon

  • Thread starter Thread starter circulent
  • Start date Start date
C

circulent

I manage a small Windows 2003/Windows XP domain. I'm trying to figure out a
way for all users to be able to logon to any computer without having to set
each person up as a local admin everywhere. This would not apply to servers
though.

If I don't ive each person local admin right, then I get this message: The
local policy of this machine does not allow you to logon interactively.

Thoughts? Thanks
 
You want to allow any user to log on to any workstation as a local admin?

Why?

"circulent" <circulent@discussions.microsoft.com> wrote in message
news:5A6AC8A1-53B7-4E10-8693-1151175EDD31@microsoft.com...
>I manage a small Windows 2003/Windows XP domain. I'm trying to figure out a
> way for all users to be able to logon to any computer without having to
> set
> each person up as a local admin everywhere. This would not apply to
> servers
> though.
>
> If I don't ive each person local admin right, then I get this message: The
> local policy of this machine does not allow you to logon interactively.
>
> Thoughts? Thanks
 
no. i just want people to be able to logon to any machine. is this possible
WITHOUT manually making them a local admin?

"Bill Grant" wrote:

> You want to allow any user to log on to any workstation as a local admin?
>
> Why?
>
> "circulent" <circulent@discussions.microsoft.com> wrote in message
> news:5A6AC8A1-53B7-4E10-8693-1151175EDD31@microsoft.com...
> >I manage a small Windows 2003/Windows XP domain. I'm trying to figure out a
> > way for all users to be able to logon to any computer without having to
> > set
> > each person up as a local admin everywhere. This would not apply to
> > servers
> > though.
> >
> > If I don't ive each person local admin right, then I get this message: The
> > local policy of this machine does not allow you to logon interactively.
> >
> > Thoughts? Thanks
>
>
 
If you are using a domain, any user should be able to do a domain login
from any machine.

"circulent" <circulent@discussions.microsoft.com> wrote in message
news:D50F040D-B134-45FF-90AB-CC296C1FCD29@microsoft.com...
> no. i just want people to be able to logon to any machine. is this
> possible
> WITHOUT manually making them a local admin?
>
> "Bill Grant" wrote:
>
>> You want to allow any user to log on to any workstation as a local
>> admin?
>>
>> Why?
>>
>> "circulent" <circulent@discussions.microsoft.com> wrote in message
>> news:5A6AC8A1-53B7-4E10-8693-1151175EDD31@microsoft.com...
>> >I manage a small Windows 2003/Windows XP domain. I'm trying to figure
>> >out a
>> > way for all users to be able to logon to any computer without having to
>> > set
>> > each person up as a local admin everywhere. This would not apply to
>> > servers
>> > though.
>> >
>> > If I don't ive each person local admin right, then I get this message:
>> > The
>> > local policy of this machine does not allow you to logon interactively.
>> >
>> > Thoughts? Thanks
>>
>>
 
>circulent" <circulent@discussions.microsoft.com> wrote in message news:>
> If I don't ive each person local admin right, then I get this message: The
> local policy of this machine does not allow you to logon interactively.
>

You do not need to be a local admin to logon to a Domain Computer. And if
you're getting that message, then there is something else wrong.
By default these users have the the "Logon Locally" right:
- On workstations and servers: Administrators, Backup Operators, Power
Users, Users, and Guest.
- On domain controllers: Account Operators, Administrators, Backup
Operators, Print Operators, and Server Operators.

You may have inadvertantly set the "Deny logon locally" right to "deny" in a
GPO.
Check under: Computer Configuration> Windows Settings> Security Settings,
expand Local Policies, and then check User Rights Assignment.
 
Rob,

Sorry its been so long to get back to you. I double checked all GPO's and
none of them have this setting enabled.

Out of the box once attached to a domain, I know I can add a domain user to
the local 'Remote Desktop Users' group to allow them to login remotely via
RDP. How can I use a GPO to do this for specific machines and specific users,
or all users?

Thanks


"JohnB" wrote:

> >circulent" <circulent@discussions.microsoft.com> wrote in message news:>
> > If I don't ive each person local admin right, then I get this message: The
> > local policy of this machine does not allow you to logon interactively.
> >
>
> You do not need to be a local admin to logon to a Domain Computer. And if
> you're getting that message, then there is something else wrong.
> By default these users have the the "Logon Locally" right:
> - On workstations and servers: Administrators, Backup Operators, Power
> Users, Users, and Guest.
> - On domain controllers: Account Operators, Administrators, Backup
> Operators, Print Operators, and Server Operators.
>
> You may have inadvertantly set the "Deny logon locally" right to "deny" in a
> GPO.
> Check under: Computer Configuration> Windows Settings> Security Settings,
> expand Local Policies, and then check User Rights Assignment.
>
>
>
 
Back
Top