Bad boy Warrior Posted March 20, 2005 Share Posted March 20, 2005 When i want a user to access the server to do something i have to assign them admin rights. Is there anyway to grant them access using remote desktop without giving them admin rights? ive tried to add the user to the remote desktop group but that doesnt resolve the issue (right click my computer then click remote and add)?Thanks Link to comment Share on other sites More sharing options...
valter Posted March 20, 2005 Share Posted March 20, 2005 gpos ... Access this computer from the network in default domain controller policy .. Link to comment Share on other sites More sharing options...
Bad boy Warrior Posted March 20, 2005 Author Share Posted March 20, 2005 I tried that but i still get the error "The local policy of the System does not permit you to logon interactively" i have added this user to "Access this computer from the network " as you advised and added him to the Remote desktop users too - what could i be doing wrong?Thank youalso whats the difference between the "Group Policy Object Editor" and "Default Group Policy"? Link to comment Share on other sites More sharing options...
FAT64 Posted March 20, 2005 Share Posted March 20, 2005 Try, Allow Logon Locally in the Domain Controller Security Policy. Incidentally, it's not usually a good idea to allow ordinary Users to logon to your Domain Controller. Link to comment Share on other sites More sharing options...
Bad boy Warrior Posted March 20, 2005 Author Share Posted March 20, 2005 I tried that and it already has the user's name in the box. Thanks for your advice but this user needs to access the domain just for a short while but id rather not have him have admin rights - also incase this helps the user is a memeber of ONLY Remote Desktop Users and Domain Users Link to comment Share on other sites More sharing options...
FAT64 Posted March 20, 2005 Share Posted March 20, 2005 What is it exactly that you want this user to be able to do on the server? Link to comment Share on other sites More sharing options...
Bad boy Warrior Posted March 20, 2005 Author Share Posted March 20, 2005 I want him to be able to access the system to run certain things whilst im away (allow certain accounts that get locked to unlock them) etc etc Link to comment Share on other sites More sharing options...
valter Posted March 20, 2005 Share Posted March 20, 2005 for unlocking accounts and changing passwords you don't need to allow ordinary user to log on onto server. You can use Delegate control wizard to alow particular users to change passwords and unlock accounts, then you can create them a mmc with only options you want them to be able to use. Anyway to be able to change passa dn unlock acc you don't need to log on to server, but on to domain ..gpo editor is a program for editing gpos and I don't know any default group policy Link to comment Share on other sites More sharing options...
Ge0ph Posted March 21, 2005 Share Posted March 21, 2005 Remote Desktop into a Windows 2k or 2k3 server is admin only. If you want non-admin users to remote in you need Termenal Services. Or use something like Dameware or VNC. Link to comment Share on other sites More sharing options...
Bad boy Warrior Posted March 21, 2005 Author Share Posted March 21, 2005 Thanks peeps for your help again, id buy you all a drink if i could for your help B) . I think Terminal services is what i need to read upon - beware for further questions Link to comment Share on other sites More sharing options...
valter Posted March 21, 2005 Share Posted March 21, 2005 The painless way is to use Delegate wizard (right click on the OU and run delegate wizard) ... then you can create mmc with the functionality you want them to be able to do ... once you're back, you remove those users from Security tab from OU properties ... Link to comment Share on other sites More sharing options...
Serioga Posted March 21, 2005 Share Posted March 21, 2005 Well, I'm not quit sure, but have you tried to add your account both, to the Remote Users and Print Operators groups (or Remote Users and Allow log on locally policy)? Link to comment Share on other sites More sharing options...
Bad boy Warrior Posted March 22, 2005 Author Share Posted March 22, 2005 Yes tried that too Link to comment Share on other sites More sharing options...
jondercik Posted March 23, 2005 Share Posted March 23, 2005 You can install the administrative tools locally on their PCs so they dont need to log on to the server. Link to comment Share on other sites More sharing options...
FAT64 Posted March 23, 2005 Share Posted March 23, 2005 Indeed, just run "adminpak.msi". Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now