|
List Home > Operating System > Windows Server 2003 > [ Post New Problem ]
Welcome back !
| TrackingID : | 4062 |
| Posted : | Wednesday, January 18th, 2006 02:01:17 PM |
| By : | johanovitch5 |
| users can't login on DC | Configuration: |
|
Hello, I've setup a domain with roaming profiles for the users.All is working fine, except that domain users cannot login on the Domain Controller.The only solution I found so far is to make the users member of the domain admins-group, but that is not a good idea, as the users are then able to mess with the domain settings.is there another way that domain users can login in a restricted way on the DC?Johan
| Operating System : Windows Server 2003
|
Comments :
users can't login on DC by curtr2 on January 18th, 2006 03:02:02 PM
I don't know why anybody would want to allow users to login locally on a server. I'm hoping this is just a test environment because doing so in the "real world" is asking for trouble.Check the security policies. I'm not sure which one offhand but if you look through, you'll find the setting for allowing users to log on locally. That's where you choose who to allow to log onto the console. It's likely in the Local Security Policy on the server. If not there, check the Domain level GPO. |
users can't login on DC by glen2 on January 18th, 2006 06:07:10 PM
The reason that the users can not log into a DC locally is a very good one. If you allow them to log on they have access to a number of things you don't want them to have access. Why in the world would you even consider letting them log in locally? If you don't have enough computers for them to log in from their own machines then you don't need a domain in the first place. |
users can't login on DC by davea2 on January 19th, 2006 01:57:02 AM
Ill echo the above, unless you mean through a Terminal Session? |
users can't login on DC by heropsycho21777 on January 19th, 2006 06:35:09 AM
Not even a terminal session is a good justification. Users should not be logging on to a domain controller in any fashion interactively. Do you really want your DC to go down because over something like some idiot user surfed a pr0n site with a malicious Active X or Java script?! What if the DC were breached in such a manner, and hackers then could get all the user accounts, etc.?I know extra computers can be costly, but what will it cost for you or a contractor to fix a broken DC and possibly a breached network in labor and any loss of productivity caused in the process?"...but in my defense, it was dark, I was drunk, and it was delicious!" |
Re: users can't login on DC by Anonymous Ghost on January 19th, 2006 01:43:04 PM
If you want to use the same machine/hardware; use virtualization and run tow OS simultaneously. |
List Home > Operating System > Windows Server 2003 > [ Post New Problem ] |
|
