Logging on users without administrative rights to an Active Directory domain controller

By default, users without administrative rights cannot log on to an Active Directory domain controller’s console session. LogonExpert, in its turn, can log on to the console session only, which will cause the following error to appear if you try to log on to the console with a limited user account:

This, however, can be easily fixed by configuring the domain’s Group Policy:

  1. Open the Group Policy Management window by clicking the Start button and navigating to Windows Administrative Tools -> Group Policy Management.


    Opening the Group Policy Management window

  2. Navigate to your domain’s Default Domain Controllers Policy in the left-hand pane, right-click it, and then click Edit.


    Context menu of the Default Domain Controllers Policy

  3. Navigate to User Rights Assignment in the left-hand pane of the Group Policy Management Editor window, and then click it. In the right-hand pane, double-click Allow log on locally.


    User Rights Assignment component

  4. In the Allow log on locally Properties dialog box, click Add User or Group.


    Allow log on locally Properties dialog box before configuration

  5. In the Add User or Group dialog box, add a user, several users, or a user group that you are going to log on to the server using LogonExpert. It is recommended to use the Browse button to check the names you are adding. When finished, click OK.


    Adding users and groups

  6. In the Allow log on locally Properties dialog box, click OK to save the changes, and then close all other dialog boxes.


    Allow log on locally Properties dialog box after configuration

  7. Reboot the server to apply the policy. Please note that policy will not be applied without a reboot.