Windows Server 2003 – Administrative Settings

 

Start - Run – Type  “mmc.exe”

 

Click “File” – Click “Add/Remove Snap-in”

 

Click “Add”  - scroll to Group Policy Object Editor – click “Add”

 

In the Group Policy Object box, “Local Computer” is the default, click “Finish”


Click “Close”, and then click “OK”

 

Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\

Local Policies\User Rights Assignment

 

Policy List

Access this computer from the network

Act as part of the operating system

Add workstations to domain

Adjust memory quotas for a process

Allow log on locally

This one is the source of a lot of problems. Ever get the message "The local policy of this system does not allow you to logon interactively"? Here is where that gets fixed. I found this on the internet, and thought it explained it very well.
It means that the user doesn't have the rights to sit down in front of the console of the machine and logon. This contrasts to the logon from network right, which controls whether you can authenticate to the machine remotely. This logon interactively right is controlled via Group Policy, specifically under Computer Configuration|Windows Settings|Security Settings|Local Policies|User Rights Assignment|Log on Locally

Allow log on through Terminal Services

Back up files and directories

Bypass traverse checking

Change the system time

Create a pagefile

Create a token object

Create global objects

Create permanent shared objects         

Debug programs

Deny access to this computer from the network

Deny log on as a batch job       

Deny log on as a service          

Deny log on locally

Deny log on through Terminal Services

Enable computer and user accounts to be trusted for delegation

Force shutdown from a remote system

Generate security audits

Impersonate a client after authentication

Increase scheduling priority

Load and unload device drivers

Lock pages in memory

Log on as a batch job

Log on as a service

Manage auditing and security log

Modify firmware environment values

Perform volume maintenance tasks

Profile single process

Profile system performance

Remove computer from docking station

Replace a process level token

Restore files and directories

Shut down the system

Synchronize directory service data       

Take ownership of files or other objects