RE: [ActiveDir] Unlock Workstation User Right

Mon, 28 Feb 2005 09:43:52 -0800 

Thanks for the input from all.

Sorry to not be clear - I meant unlock workstations.  Thanks, Joe, for pointing 
out that I meant local admins group on the workstation.  I was hoping that I 
could be a bit more granular in assigning this right - i.e. just the right to 
unlock the workstation instead of being a local administrator.

Maybe I'll have to think again - maybe force logoff outside of office hours 
instead of allowing the workstation to lock.

Tim   

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Monday, February 28, 2005 9:58 AM
To: [email protected]
Cc: [email protected]; [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Unlock Workstation User Right

Sorry, ignore my last post completely - I read that as unlock user right,
not the unlock workstation.

I think Joe is correct - I believe only admins on the machine can unlock
computers.

Regards;

James R. Day
Active Directory Core Team
Office of the Chief Information Officer
National Park Service
(202) 354-1464 (direct)
(202) 371-1549 (fax)
[EMAIL PROTECTED]


|---------+---------------------------------->
|         |           "joe"                  |
|         |           <[EMAIL PROTECTED]> |
|         |           Sent by:               |
|         |           [EMAIL PROTECTED]|
|         |           tivedir.org            |
|         |                                  |
|         |                                  |
|         |           02/28/2005 09:42 AM EST|
|         |           Please respond to      |
|         |           ActiveDir              |
|---------+---------------------------------->
  
>------------------------------------------------------------------------------------------------------------------------------|
  |                                                                             
                                                 |
  |       To:       <[email protected]>                              
                                                 |
  |       cc:       (bcc: James Day/Contractor/NPS)                             
                                                 |
  |       Subject:  RE: [ActiveDir] Unlock Workstation User Right               
                                                 |
  
>------------------------------------------------------------------------------------------------------------------------------|




If you mean unlock the console of a machine locked by a user, I think you
have to be an administrator on that machine. It doesn't take any domain
level permissions except being an authenticatable user unless the machine
someone wants to unlock is a DC, at which point they have to be an admin of
the DCs.

  joe

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd
(NIH/CC/DNA)
Sent: Monday, February 28, 2005 9:31 AM
To: [email protected]
Subject: RE: [ActiveDir] Unlock Workstation User Right

Account Operators Local Group I think.  Must us ADU&C, you might have to
grant permissions to the group if inheritance is blocked on some OUâs.

Todd Myrick


From: Tim Foster [mailto:[EMAIL PROTECTED]
Sent: Monday, February 28, 2005 9:08 AM
To: [email protected]
Subject: [ActiveDir] Unlock Workstation User Right

I want to grant some users the right to unlock workstations in a W2K3
domain.  I have scanned through Group Policy and I canât seem to find the
appropriate setting to do this.  Is this a right that is automatically
granted to one of the Built-In groups?  If so, which one?  It seems
overkill to have to add users to the Administrators group to get this
right.

Thanks in advance for any help the list can give.

[EMAIL PROTECTED]       Vry&-4ibb

Reply via email to