Non-Admin logon in DC across VPN

Abuelo

Hello.

Can someone tell me how to allow a corporate user to log (like I do
using terminal server or remote desktop from inside the LAN) into the
domain controller of this LAN across a VPN?

I'm trying to give access to log on locally using the GPOs but it seems
to give no results (the error message says that I haven't got enough
permissions to log on locally)...

When I'm trying to do this using my admin credentials all works fine,
but when using the "commercials" user to log I receive the above
error.

Any help will be appreciated.

Thank you!
 
Kidem-portem said:
check this out

http://www.microsoft.com/technet/tr...3/proddocs/standard/localsec_troubleshoot.asp



Received the "The local policy of this system does not permit you to
logon interactively" error message, or unable to log on locally.

Cause: The ability to log on locally to a stand-alone server.

Solution: Add the user account to the Users local group or use the
local security policy to assign the particular user or group the right to
Allow log on locally.

See also: Allow log on locally; To assign user rights for your local
computer; Local Security Policy overview




"

Hello.

Thank you for the help, but it still doesn't work.

Here's the scenario. Maybe it helps.

I have some "commercial" users that must log on locally in one of the
DCs (the one that holds the IP Routing server) and open IE to work.

I use one test account and gave it the following permissions using
GPOs:

- Over the complete domain:
  + Act as part of the OS.
  + Log on as batch process.
  + Log on as service.
  + Log on locally.
  + Have access from the network.

- Over the DCs: (Default Domain Controller Policy modified)
  + Act as part of the OS.
  + Log on as batch process.
  + Log on as service.
  + Log on locally.
  + Have access from the network.

- The user is member of the following groups:
  + Users.
  + Domain Users.

Maybe someone can find out what config I'm missing and give me some
help... plzz.... :-)

Thank you again for your help and patience...
 
Problem solved.

The solution consists in installing a terminal server licensing system
because Windows 2000 AS only allows two remote sessions in admin mode,
and these terminal licenses are needed to log on (as commercials) from
the VPN.

Thank all for reading this & the help...
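
To see which of the rights listed in the thread a test account actually holds on the DC, the applied settings can be exported with `secedit /export /cfg <file>` and checked offline. The script below is an added example, not part of the original thread: the sample export and SIDs are constructed, and it checks direct grants only, not rights inherited through group membership.

```python
import configparser

# User rights named in the thread, mapped to their security-template constants.
THREAD_RIGHTS = {
    "SeTcbPrivilege": "Act as part of the operating system",
    "SeBatchLogonRight": "Log on as a batch job",
    "SeServiceLogonRight": "Log on as a service",
    "SeInteractiveLogonRight": "Log on locally",
    "SeNetworkLogonRight": "Access this computer from the network",
}
# Rights that should not be held by an ordinary user account.
HIGH_RISK = {"SeTcbPrivilege"}

# Constructed sample of a secedit export; the SIDs are made up.
# Real exports are UTF-16: decode the file before passing its text in.
TEST_SID = "S-1-5-21-1111111111-2222222222-3333333333-1105"
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeTcbPrivilege = *S-1-5-21-1111111111-2222222222-3333333333-1105
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-1105
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
SeServiceLogonRight =
[Version]
signature="$CHICAGO$"
Revision=1
"""

def parse_privilege_rights(inf_text):
    """Return {right constant: [SIDs or account names]} from the export."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep the constants' original case
    cp.read_string(inf_text)
    rights = {}
    if cp.has_section("Privilege Rights"):
        for name, value in cp.items("Privilege Rights"):
            rights[name] = [v.strip().lstrip("*") for v in value.split(",") if v.strip()]
    return rights

def audit_account(rights, sid):
    """List (constant, label, held, high_risk) for each right from the thread."""
    report = []
    for const, label in THREAD_RIGHTS.items():
        held = sid in rights.get(const, [])  # direct grant only
        report.append((const, label, held, held and const in HIGH_RISK))
    return report
```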
 