Group Policy User Rights Assignment issue

hyperrawr9000 (Posts: 39, Registered Members)
Ok, the problem I am having is with giving user accounts logon rights to my servers. I have tried adding a GPO at the site, domain and OU levels and can't get these settings applied. The only way I can get them to work is if I put them in the local policy of each machine.
The settings are: Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment:
Allow Logon Locally
Allow Logon Through Terminal Services

I add the group I want to be able to log on to these groups, but when I try to log on they still don't have the rights to do so. I added a 3rd setting to the GPO to add the shutdown button to the logon screen and rebooted the machines, and that part of the GPO is working. I don't recall any limitations on where to place local policies to make them work, and this should be the only GPO with defined settings in the forest atm. If anyone knows what I'm doing wrong, please feel free to tell me.

Comments

  • undomiel (Posts: 2,818, Registered Members)
    Time to break out gpresult and rsop to start troubleshooting. Make sure your policy isn't being filtered out and also make sure the settings aren't being overridden somewhere. rsop will tell you what policy's setting is taking precedence.
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
  • hyperrawr9000 (Posts: 39, Registered Members)
    Hmm, well, I was going to say I couldn't do that because I've never logged the user onto the machine before, but I should really be checking the policies for the computer, not the user. Unfortunately I've changed the setup since I originally had this problem and made the other 2 servers their own domains, so I can't check why they couldn't log onto the original domain. However, I did find out that the default DC controller policy was overwriting the local logon part now, so that part is solved at least.
  • Devilsbane (Posts: 4,212, Registered Members)
    You don't actually need to log onto the machine with the user. Even if your current setup is different, you can always use planning mode to attempt to simulate your old configuration.
    Decide what to be and go be it.
  • hyperrawr9000 (Posts: 39, Registered Members)
    Are you sure? I could have sworn I read that you had to log onto a machine with a user at least once before you could use rsop with it.
  • Mojo_666 (Posts: 438, Registered Members)
    Are you sure? I could have sworn I read that you had to log onto a machine with a user at least once before you could use rsop with it.

    He is referring to the use of the "Group Policy Modeling" tool, not rsop.
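
For the computer-side check the thread arrives at, here is an added PowerShell example (not written by any of the posters): it exports the user rights currently configured on the server, lists who holds the two logon rights and their deny counterparts, and then asks gpresult which GPOs the computer applied. The group name `EXAMPLE\ServerLogonUsers` and the helper `Resolve-Holder` are assumptions made for illustration.

```powershell
# Added example. Run in an elevated PowerShell session on the server that refuses the logon.
# The default group name is a placeholder (assumption); pass the group you granted the rights to.
param([string]$Group = 'EXAMPLE\ServerLogonUsers')

# Privilege constants behind the settings named in the thread, plus the deny rights that override them.
$rights = [ordered]@{
    SeInteractiveLogonRight           = 'Allow Logon Locally'
    SeRemoteInteractiveLogonRight     = 'Allow Logon Through Terminal Services'
    SeDenyInteractiveLogonRight       = 'Deny Logon Locally'
    SeDenyRemoteInteractiveLogonRight = 'Deny Logon Through Terminal Services'
}

# Hypothetical helper: secedit writes most holders as *S-1-...; turn those back into account names.
function Resolve-Holder([string]$Entry) {
    $Entry = $Entry.Trim()
    if (-not $Entry.StartsWith('*S-1-')) { return $Entry }    # already written as a name
    try {
        $sid = New-Object System.Security.Principal.SecurityIdentifier($Entry.TrimStart('*'))
        return $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch { return $Entry }                                 # unresolvable SID: show it raw
}

# Export only the user rights area of the security settings configured on this machine.
$cfg = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /areas USER_RIGHTS /cfg $cfg | Out-Null

# Collect the holders of each right of interest from the "Right = holder,holder" lines.
$found = @{}
foreach ($line in Get-Content $cfg) {
    if ($line -match '^\s*(Se\w+)\s*=\s*(.*)$' -and $rights.Contains($Matches[1])) {
        $found[$Matches[1]] = @($Matches[2] -split ',' | ForEach-Object { Resolve-Holder $_ })
    }
}

foreach ($r in $rights.Keys) {
    $holders = if ($found.ContainsKey($r)) { $found[$r] } else { @() }
    '{0} ({1}): {2}' -f $rights[$r], $r, ($holders -join ', ')
    # Direct listing only: a group can also hold the right through membership in a listed group.
    if ($holders -contains $Group) { "  -> $Group is listed" }
}

# Computer scope needs no user logon; /v also reports, per user right, the GPO that supplied it.
gpresult /scope computer /v
```

If the group is missing from the allow lines even though a linked GPO defines them, compare the GPO named under User Rights in the gpresult output with the one you edited: a GPO with higher precedence that defines the same right replaces the list rather than adding to it.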