Logging on users without administrative rights to an Active Directory domain controller
By default, users without administrative rights cannot log on to the Active Directory domain controller’s
console session. LogonExpert, in its turn, can log on to the console session only. This will cause the
following error to appear if you try to save the credentials of a limited user account on the domain
controller server:
This, however, can be easily fixed by configuring the domain’s Group Policy:
-
Open the Group Policy Management window by clicking the Start button
and navigating to Windows Administrative Tools -> Group Policy Management.
Opening the Group Policy Management window
-
Navigate to your domain’s Default Domain Controllers Policy in the left-hand pane,
right-click it, and then click Edit.
Context menu of the Default Domain Controllers Policy
-
Navigate to User Rights Assignment in the left-hand pane of the Group Policy
Management Editor window, and then click it. In the right-hand pane, double-click Allow
log on locally.
User Rights Assignment component
-
In the Allow log on locally Properties dialog box, click Add User or Group.
Allow log on locally Properties dialog box before configuration
-
In the Add User or Group dialog box, add a user, several users, or a user group that
you are going to log on to the server using LogonExpert. It is recommended to use the Browse
button to check the names you are adding. When finished, click OK.
Adding users and groups
-
In the Allow log on locally Properties dialog box, click OK to save
the changes, and then close all other dialog boxes.
Allow log on locally Properties dialog box after configuration
-
Reboot the server to apply the policy. Please note that policy will not be applied without a reboot.