![]() |
|
|
|
#1 |
|
I tried to add a user in AD yesterday, and when I added a
new user that was only a member of the domain users group it created the object fine but when I logged off and try to logon as that user it gave me the message "local system policy prevents you from logging in interactivly", I know that according to the MS 70-215 test there answer to this situation is "give the user rights to log on locally". I do not want to do this. I want them to be able to log on to the domain. Next, I copied my account, the administrator, I was able to log on as them just fine to the domain, but now they are an administrator. That is not good. I need to be able to add them as a domain user only. How can this be done? MCP |
|
|
|
|
#2 |
|
Posts: n/a
|
Sounds to me like you created this user account and are trying to login
locally on a Domain Controller---thus your problem. Users cannot (by default) login locally to a DC. If this is your situation, you will have to do one of the two things you mentioned: give them the right to logon locally or make them a member of a group that already has this right. Best, Will www.mcseworld.com "MCP" <> wrote in message news:0ae601c3bb2e$b6a98ac0$... > I tried to add a user in AD yesterday, and when I added a > new user that was only a member of the domain users group > it created the object fine but when I logged off and try > to logon as that user it gave me the message "local system > policy prevents you from logging in interactivly", I know > that according to the MS 70-215 test there answer to this > situation is "give the user rights to log on locally". I > do not want to do this. I want them to be able to log on > to the domain. Next, I copied my account, the > administrator, I was able to log on as them just fine to > the domain, but now they are an administrator. That is > not good. I need to be able to add them as a domain user > only. How can this be done? MCSE World |
|
|
|
#3 |
|
Posts: n/a
|
>-----Original Message----- >Sounds to me like you created this user account and are trying to login >locally on a Domain Controller---thus your problem. I'm not convinced that logging that user account onto a DC is the cause of this error. I won't give away the answer (where's the fun in that?) but: Isn't there a Policy that can be applied that will give that exact error message when you try to log onto a workstation? Do the words "Deny Logon Locally" sound familiar? Anyone??? Marko |
|
|
|
#4 |
|
Posts: n/a
|
That's what you see when a "normal" domain user try to logon to a Domain
Controller. "Marko" <> wrote in message news:da5301c3bb3f$d4ffe620$... > > >-----Original Message----- > >Sounds to me like you created this user account and are > trying to login > >locally on a Domain Controller---thus your problem. > > I'm not convinced that logging that user account onto a DC > is the cause of this error. > > I won't give away the answer (where's the fun in that?) > but: Isn't there a Policy that can be applied that will > give that exact error message when you try to log onto a > workstation? Do the words "Deny Logon Locally" sound > familiar? Anyone??? Alex |
|
|
|
#5 |
|
Posts: n/a
|
It will work if u select "log on locally" thats all they
can do..they cannot change anything on the DC..they dont have any administrative rights... they will still be able to log on to the domain...they will still be in the domain users group. i have tried it and succeeded...wen u log on as a the user trying changing the time and date or checking the local area network settings and click on TCP/IP Protcol..it will tell u, u dont have the sufficient rights to change them.. >-----Original Message----- >I tried to add a user in AD yesterday, and when I added a >new user that was only a member of the domain users group >it created the object fine but when I logged off and try >to logon as that user it gave me the message "local system >policy prevents you from logging in interactivly", I know >that according to the MS 70-215 test there answer to this >situation is "give the user rights to log on locally". I >do not want to do this. I want them to be able to log on >to the domain. Next, I copied my account, the >administrator, I was able to log on as them just fine to >the domain, but now they are an administrator. That is >not good. I need to be able to add them as a domain user >only. How can this be done? >. > Sacha Kassami |
|
![]() |
| Thread Tools | Search this Thread |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| creating user defined service in windows | suresh_rtp | Software | 0 | 05-05-2009 08:34 AM |
| ASP.NET with User Interface Process Application Block | robinp | Software | 0 | 03-05-2007 10:01 AM |
| Ajax Atlas not working in User Control | faiq | Software | 0 | 09-16-2006 08:28 AM |
| Any DVD Player that can override User Prohibitions? | Walter Traprock | DVD Video | 3 | 12-03-2005 11:43 PM |
| TheDigitalReview: BABE SPECIAL EDITION - DVD REVIEW (User Review) | Mike McGee | DVD Video | 0 | 12-04-2003 04:52 AM |