Announcement

Collapse
No announcement yet.

local logon on DC

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • local logon on DC

    I do not seem to understand this i am performing one of my labs for manipulating user accounts.

    I have one user account with logon restriction time another one has to change password at next logon and another account with a password expiration date.

    apparently if these users are in the printer operators group they should b able to logon on the DC. I have tried this however it does not seem to work.
    Beauty is in the eyes of the beholder

  • #2
    if your are on W2K3, run rsop.msc and check the effective settings under Computer Configuration --> Windows Settings --> Security Settings --> Local Policy --> User Right assignment. The entry you are looking for is "Allow log on locally".

    If at W2K, run gpedit.msc and do the same (although it will not show local security settings of the DC - you actually need to know the defaults).
    Guy Teverovsky
    "Smith & Wesson - the original point and click interface"

    Comment


    • #3
      Thanks for your reply,

      I am aware that you can do this via group policy or local security policy and configure logon locally policy statement. i am just trying to understand why the book states that if you add users to the printer operators group you can logon locally on the DC, it does not make any sense. And this comes straight from the microsoft press book for 70-215.
      Beauty is in the eyes of the beholder

      Comment


      • #4
        From the Microsoft point of view it does make sence: in order to install the driver for a new printer, you need to logon to the server, thou I personally consider installing printers on DC as a VERY bad idea.

        The defaults (given the fact you have not changed anything) should let Print Operators logon to the console, but will not let the group logon through Terminal Session as the default local security settings only allows Administrators to logon through TS and the setting is not defined in Default DC GPO.
        Guy Teverovsky
        "Smith & Wesson - the original point and click interface"

        Comment


        • #5
          From seeing my system log looks like i have a problem with my DNS server, i have seen about 10 errors one of them being "Dynamic registration or deregistration of one or more DNS records failed because no DNS servers are available".

          I will have a look at the knowledge base to see what the solution is, if it cnat be resolved through their suggestions i will repost in the forum.

          I dont understand why it would be a bad idea to install printer drivers locally on the DC. I thought the idea was to reduce total cost of ownership by having a centralised installation.
          Beauty is in the eyes of the beholder

          Comment

          Working...
          X