Windows
Server 2003 – Administrative Settings
Start
- Run – Type “mmc.exe”
Click
“File” – Click “Add/Remove Snap-in”
Click
“Add” - scroll to Group Policy Object
Editor – click “Add”
In
the Group Policy Object box, “Local Computer” is the default, click “Finish”
Click “Close”, and then click “OK”
Local
Computer Policy\Computer Configuration\Windows Settings\Security Settings\
Local
Policies\User Rights Assignment
Policy List
Access this computer from the network
Act as part of the operating system
Add workstations to domain
Adjust memory quotas for a process
Allow log on locally
This one is the source of a lot of problems. Ever get the message "The local policy of this system does not allow you to logon interactively"? Here is where that gets fixed. I found this on the internet, and thought it explained it very well.
It means that the user doesn't have the rights to sit down in front of the console of the machine and logon. This contrasts to the logon from network right, which controls whether you can authenticate to the machine remotely. This logon interactively right is controlled via Group Policy, specifically under Computer Configuration|Windows Settings|Security Settings|Local Policies|User Rights Assignment|Log on Locally
Allow log on through Terminal Services
Back up files and directories
Bypass traverse checking
Change the system time
Create a pagefile
Create a token object
Create global objects
Create permanent shared objects
Debug programs
Deny access to this computer from the network
Deny log on as a batch job
Deny log on as a service
Deny log on locally
Deny log on through Terminal Services
Enable computer and user accounts to be trusted for delegation
Force shutdown from a remote system
Generate security audits
Impersonate a client after authentication
Increase scheduling priority
Load and unload device drivers
Lock pages in memory
Log on as a batch job
Log on as a service
Manage auditing and security log
Modify firmware environment values
Perform volume maintenance tasks
Profile single process
Profile system performance
Remove computer from docking station
Replace a process level token
Restore files and directories
Shut down the system
Synchronize directory service data
Take ownership of files or other objects