Logging on users without administrative rights to an Active Directory domain controller
By default, users without administrative rights cannot log on to the Active Directory domain controller’s
console session. LogonExpert, in its turn, can log on to the console session only. This will cause the
following error to appear if you try to save the credentials of a limited user account on the domain
This, however, can be easily fixed by configuring the domain’s Group Policy:
Open the Group Policy Management window by clicking the Start button
and navigating to Windows Administrative Tools -> Group Policy Management.
Opening the Group Policy Management window
Navigate to your domain’s Default Domain Controllers Policy in the left-hand pane,
right-click it, and then click Edit.
Context menu of the Default Domain Controllers Policy
Navigate to User Rights Assignment in the left-hand pane of the Group Policy
Management Editor window, and then click it. In the right-hand pane, double-click Allow
log on locally.
User Rights Assignment component
In the Allow log on locally Properties dialog box, click Add User or Group.
Allow log on locally Properties dialog box before configuration
In the Add User or Group dialog box, add a user, several users, or a user group that
you are going to log on to the server using LogonExpert. It is recommended to use the Browse
button to check the names you are adding. When finished, click OK.
Adding users and groups
In the Allow log on locally Properties dialog box, click OK to save
the changes, and then close all other dialog boxes.
Allow log on locally Properties dialog box after configuration
Reboot the server to apply the policy. Please note that policy will not be applied without a reboot.