Log on Locally

  • Thread starter Thread starter Nate
  • Start date Start date
N

Nate

Hi all,

Relative novice in AD admin.

As a test and to learn a bit more, I created a new OU
called SpecialUser. I then created a Group (called
SpecialGroup) and User (called SpecialUser) in that OU.

Then I created a new Group Policy and linked it to that
OU. In the group policy I set the permission "Log On
Locally" for the SpecialGroup in that OU.

The problem is that when I try to log on locally to the
server as the SpecialUser, I get the error message that
the local policy does not permit me to log on locally.

I know that I can set that permission in the Default
Domain Policy, but I want this permission only for this
special group, not to anyone else.

Any ideas why this OU policy would not work?

thanks

Nate
 
Use the Local Security Policy tool to see what the current settings on the
client are set to and make sure this is being set properly on the computer.
Also, make sure that there isn't a deny interactive logon right being
applied to that computer for this user. In the client's registry, check
HKLM\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail and make sure
that it isn't set to 2. If it is, set it back to 1 or 0.

N
 
Back
Top