I installed DNS and Active Directory on Windows 2000 and I have two big issues. First, users cannot log in from...
their workstations; they get "Access is Denied" when they try using their user login name, but if logging as administrator, it works fine using the same workstation. How do I set up the user's rights to log in to the server without granting the user administrative rights?
Second, is it necessary to use NetBIOS to be able to connect to the server? How can I implement a login script (.bat) to a group of users? Any effort to point me to an answer or solution is greatly appreciated.
Be sure that there is a Global Catalog that's accessible (testing all aspects of name resolution) from the workstations that are being problematic. If a GC cannot be contacted, only administrators will be able to log onto Active Directory. Also check the Local Security Policy on the domain controller to be sure that the "Access this computer from the network" setting has not been restricted to administrative users only.
For your second question, NetBIOS connectivity is only necessary if you have specific client workstations (like NT or 9x) or applications that require NetBIOS name resolution. If all of your clients and apps can use DNS for name resolution, you can disable NetBIOS from your server. Finally, you can enable logon scripts using Group Policy Objects attached to a Site, Domain or Organizational Unit.
Related Q&A from Laura Hunter
Active Directory expert Laura E. Hunter explains to a reader what must be done to change the default display specifiers for new users in Active ...continue reading
Active Directory expert Laura E. Hunter tells a reader what to keep in mind when deleting subnets associated with sites being removed in an ...continue reading
Active Directory expert Laura E. Hunter offers some advice for changing the IP addresses of domain controllers.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.