Local Security Policy

[Barry]

I need to set a local security policy on a stand alone
server. When I set it, the effective box is grayed out.
The domain policy is not set to no override, but it was
set at one time. This is a Windows 2000 domain with a
windows 2000 server.

 

[Richard McCall [MSFT]]

You can not select the effective check box. Force a refresh of the policies
on the machine and see if it checks the effective. If not then double check
any other policies that apply to make sure that setting is set to not
defined.

 

[Barry]

I think I am not explaining myself very well.
A domain policy is in effect to only allow certain users
the right to log on locally to a server. On that server,
there is a iuser_computer account that needs that right.
Is there a way to grant that right to the local policy and
have it be the effective policy?

 

[Richard McCall [MSFT]]

No the domain policy takes effect over the local policy where the same user
rights are defined. there is only replace at this time not a merge.

 

[Steven L Umbach]

Create an Organizational Unit for that server. The create a new GPO for that OU and
configure the logon locally user right to be what you want for computers in that OU
and move the server into it. That user right configuration will then override your
domain policy setting and become effective setting. There is no way to make Local
Security Policy for that user right to be effective policy since you have it defined
at the domain level.--- Steve

 

[Barry]

So how do I get a local user log on as service rights?
There is no account in Active Directory for a local user
on a stand alone server.