+ Reply to Thread
Results 1 to 6 of 6
  1. God Emperor of Canada
    Join Date
    May 2010
    Posts
    38

    Certifications
    A+ MCSA CCNA
    #1

    Default Group Policy User Rights Assignment issue

    Ok the problem i am having is with giving user accounts logon rights to my servers. I have tried adding a GPO at the site, domain and ou levels and cant get these settings applied. The only way i can get them to work is if i put them in the local policy of each machine.
    The Settings are: Computer Configuration/Windows Settings/Security Settings/Local Policies/User Right Assignments:
    Allow Logon Locally
    Allow Logon Through Terminal Services

    I add the group i want to be able to logon to these groups but when i try to logon they still dont have the rights to do so. I added a 3rd setting to the GPO to add the shutdown button to the logon screen and rebooted the machines and that part of the GPO is working. I dont recall any limitations on where to place local policies to make them work and this should be the only GPO with defined settings in the forest atm. If anyone knows what im doing wrong please feel free to tell me.
    Reply With Quote Quote  

  2. SS -->
  3. Virtual Member undomiel's Avatar
    Join Date
    Sep 2007
    Location
    Bellevue, WA
    Posts
    2,813

    Certifications
    MCSA:2008, VCP4/5, CCA (XS), MCITP: EA/VA, MCSE, MCSA, Linux+, Security+, Server+, A+
    #2
    Time to break out gpresult and rsop to start troubleshooting. Make sure your policy isn't being filtered out and also make sure the settings aren't being overridden somewhere. rsop will tell you what policy's setting is taking precedence.
    Reply With Quote Quote  

  4. God Emperor of Canada
    Join Date
    May 2010
    Posts
    38

    Certifications
    A+ MCSA CCNA
    #3
    hmm well i was going to say i couldnt do that because ive never logged the user onto the machine before, but i should really be checking the policies for the computer not the user. Unfortunately ive changed the setup since I originally had this problem and made the other 2 servers their own domains so i cant check why they couldnt log onto the original domain. However i did find out that the default DC controller policy was overwriting the local logon part now so that part is solved at least.
    Reply With Quote Quote  

  5. Senior Member Devilsbane's Avatar
    Join Date
    Apr 2010
    Posts
    4,203

    Certifications
    MCSE:Security, MCDST, A+, Network+, Security+, ITIL V3 Foundations, ITIL 2011 Intermediate: Service Transition, MOS 2007 (MCAS) BAS Computer Forensics
    #4
    You don't actually need to log onto the machine with the user. Even if your current setup is different, you can always use planning mode to attempt to simulate your old configuration.
    Reply With Quote Quote  

  6. God Emperor of Canada
    Join Date
    May 2010
    Posts
    38

    Certifications
    A+ MCSA CCNA
    #5
    are you sure? i could have sworn i read that you had to log onto a machine with a user at least once before you could use rsop with it
    Reply With Quote Quote  

  7. I "HEART" M$ Mojo_666's Avatar
    Join Date
    Jun 2010
    Location
    Cardiff, Wales UK
    Posts
    438

    Certifications
    MCSE+M, MCSE+S, MCITP:SA, MCITP:EA, MCSA:2008, MCSA:2012
    #6
    Quote Originally Posted by hyperrawr9000 View Post
    are you sure? i could have sworn i read that you had to log onto a machine with a user at least once before you could use rsop with it
    He is refering to the use of the "Group Policy Modeling" tool not rsop
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks