Adding User Rights To A Windows 2003 Domain Controller

 

Here you will find information on how to assign user rights on a Windows 2003 Domain Controller.

 

This example will show you how to add the right to "log on as a service". You can also use this guide to add user accounts to any of the rights listed at the end of this page.

 

1. Select “Domain Controller Security Policy” from the Administrative tools.

 

2. Expand “Local Policies”

 

3. Select “User Rights Assignment” and double click on the "log on as a service" in the leaf to the right.

 

4. Select "Add user or group" and enter the username as Domain\Account name or select the “Browse” button to browse for the account name and then add it.

 

5. Click “Apply” then click “OK” and you are returned to the Domain Controller Security Policy applet where you can exit when you have completed your tasks.

 

The list below is a listing of the User Rights Assignment(s) for Windows 2003 Server Service Pack (SP) 2:

 

Access this computer from the network

Act as part of the operating system

Add workstations to domain

Adjust memory quotas for a process

Allow log on locally

Allow log on through Terminal Services

Back up files and directories

Bypass traverse checking

Change the system time

Create a pagefile

Create a token object

Create global objects

Create permanent shared objects

Debug programs

Deny access to this computer from the network

Deny log on as a batch job

Deny log on as a service

Deny log on locally

Deny log on through Terminal Services

Enable computer and user accounts to be trusted for delegation

Force shutdown from a remote system

Generate security audits

Impersonate a client after authentication

Increase scheduling priority

Load and unload device drivers

Lock pages in memory

Log on as a batch job

Log on as a service

Manage auditing and security log

Modify firmware environment values

Perform volume maintenance tasks

Profile single process

Profile system performance

Remove computer from docking station

Replace a process level token

Restore files and directories

Shut down the system

Synchronize directory service data

Take ownership of files or other objects

 

 

Published Sunday, August 26, 2007 11:57 AM by dhite
Filed under:

Comments

No Comments