Here are the notes that I have been using: Open AD Users and Computers. Create a Global group Add members to group accordingly, then assign directory rights accordingly.
Click Start -> Programs -> Administrative Tools and click Domain Controller Security Policy. Double click the Security Settings folder, double click Local Policies, and then click User Rights Assignment. Under the Policy column, click Logon Locally, and then click Add. Click Browse, select the appropriate group, then click Add. Click Ok, click Ok, click Ok. Open a command prompt and type the following command: secedit /refreshpolicy machine_policy /enforce Press Enter twice. MS has changed the secedit command in 2003. To force a policy refresh, the command is gpupdate. <http://www.microsoft.com/resources/documentation/WindowsServ/2003/stand ard/proddocs/en-us/Default.asp?url=/resources/documentation/windowsserv/ 2003/standard/proddocs/en-us/RefrGP.asp> I also have a PDF document from IBM which indicates to update the local security policy and then the domain security policy and add log on locally and access this computer from the network rights. Hth Colin Alfke Calgary, Canada >-----Original Message----- >From: Paul Parkinson > >Thanks but this doesn't seem to work with 2003 Server. If I >add users to any group other than administrators they cannot >login to the Unidata account > >Paul ------- u2-users mailing list [email protected] To unsubscribe please visit http://listserver.u2ug.org/
