You should consider placing those servers in a special OU (ie: Administered Servers) and then delegate the administrative rights to the sub-administrators. That would allow them to modify not only the "log on locally" but also other things that will help them on their duties.
Gabriel Zabal MCSE 2003 -----Mensaje original----- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de Abbiss, Mark Enviado el: Lunes, 24 de Enero de 2005 03:22 p.m. Para: [email protected] Asunto: [ActiveDir] Controlling log on locally in an AD domain I am having a real problem getting my head round setting the "log on locally" policy for a group of computers. What I am hoping to achieve is the ability to allow different groups of sub-administrators the rights to log on locally to the servers they are responsible for. Currently, log on locally is only allowed to the Enterprise admins but as the number of servers grows and we need to delegate responsibuility to other nominated administrators, we find they are blocked from logging on and we can't find a clean solution. Can someone please point me in the direction of a tidy solution to the problem. Many thanks List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
