Local Policies on DCs

  • Thread starter Thread starter Bill
  • Start date Start date
B

Bill

I have a domain controller that I need to allow log on a
service access to. I just want to give this access to one
user and just on this domain controller. I give the user
access in the Local Policy, but the user still cannot log
in as a service. If I look at the properties of 'Log On
As Service' in the Local Policy, the user has a check next
to Local Policy, but not next to Effective Policy. How do
I apply the Local Policy to the Domain Controller?

If I give the user rights at the Domain Controller
Security Policy level, it works. But then I gave the user
Logon As Service rights to all the domain controllers. I
don't want to do that.

Any help is appreciated.
Thanks.
Bill
 
You can create a new Organizational Unit within the domain controllers container and
create a GPO for it with the settings you need for that domain controller and then
move that domain controller into that sub OU. Be sure to include all the users you
need in the log on locally setting including administrators as that will override the
Domain Controller Security Policy setting. All other security policy will still apply
to the domain controller in that OU unless specifically defined in the sub OU GPO. Be
sure to test out before implementing. --- Steve
 
Back
Top