How To: Modify Logon Rights On Multiple Computers

"Log on locally" rights may be tedious to modify on a number of servers. A command may be used to speed up the process.

The "Log on locally" right allows your users to log on locally to the server. By default, all users in the Active Directory forest are allowed to log on to any server except domain controllers. In the example below, the local Users security group is added to the "Allow log on locally" right of the local server; that group contains the Domain Users security group.

If a security group is created and you wish to allow only the members of that group to log on locally on specified servers, it should be done either manually, or by using a script.

In the example below, a group named "Remote Access" has been created, and only members of that security group are granted the right to log on to the selected servers. Put the names of the servers into a text file, say 'servers.txt', one per line, and run the following command at a command prompt:

For /F "Tokens=*" %a in (servers.txt) Do ntrights.exe -m \\%a -u "MYDOMAIN\Remote Access" +r SeInteractiveLogonRight

The command above will assign the "log on locally" right to members of the "Remote Access" group of domain MYDOMAIN on the servers listed in the file servers.txt.
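
To check the result afterwards, the following Python script (an added example, not part of the original entry) reads user-rights exports taken on each server with "secedit /export /cfg <file> /areas USER_RIGHTS" and reports who holds SeInteractiveLogonRight. The server names, the group SID and the export contents are constructed samples; since ntrights +r only adds an account to the right, the report also shows whether the local Users group is still listed.

```python
# Added example: audit SeInteractiveLogonRight in secedit USER_RIGHTS exports.
# Real exports are UTF-16 files: open(path, encoding="utf-16").read()
USERS_SID = "S-1-5-32-545"  # well-known SID of the local Users group
# Constructed SID standing in for MYDOMAIN\Remote Access (assumption)
REMOTE_ACCESS_SID = "S-1-5-21-1111111111-2222222222-3333333333-1105"

def logon_right_holders(inf_text, right="SeInteractiveLogonRight"):
    """Return the principals listed for `right` in a secedit export."""
    in_section = False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
            continue
        if not in_section or "=" not in line:
            continue
        name, _, value = line.partition("=")
        if name.strip().lower() == right.lower():
            # SIDs are written as *S-1-...; account names have no '*'
            return [p.strip().lstrip("*") for p in value.split(",") if p.strip()]
    return []  # right absent from the export: no principal holds it

def audit(exports, expected_sid):
    """Map each server name to who holds the right and two checks."""
    report = {}
    for server, text in exports.items():
        holders = logon_right_holders(text)
        report[server] = {
            "holders": holders,
            "group_granted": expected_sid in holders,
            "users_still_allowed": USERS_SID in holders,
        }
    return report

def _sample_export(holders):
    """Build a constructed export with the given holder list."""
    return ("[Unicode]\nUnicode=yes\n[Privilege Rights]\n"
            "SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544\n"
            f"SeInteractiveLogonRight = {holders}\n"
            "[Version]\nsignature=\"$CHICAGO$\"\nRevision=1\n")

SAMPLE_EXPORTS = {  # constructed: three servers in different states
    "SRV01": _sample_export(f"*S-1-5-32-544,*{USERS_SID},*{REMOTE_ACCESS_SID}"),
    "SRV02": _sample_export(f"*S-1-5-32-544,*{REMOTE_ACCESS_SID}"),
    "SRV03": _sample_export(f"*S-1-5-32-544,*{USERS_SID}"),
}

if __name__ == "__main__":
    for server, result in audit(SAMPLE_EXPORTS, REMOTE_ACCESS_SID).items():
        print(server, result)
```

In the sample data, SRV01 has the new group but still lists Users, SRV02 lists only Administrators and the new group, and SRV03 shows a server where the grant did not take effect.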


About this Entry

This page contains a single entry by Konstantin Boyandin published on December 8, 2009 9:49 AM.
