I am trying to change a local user's group memberships on a production server running Windows 2008 Server. This I am able to do. However, when changing the membership, a message indicates that the user must log in to the server for the changes to take effect. Unfortunately, this user does not have access to remote desktop into the server, and as it is a production server it would probably not be a good idea to enable this access.
Is there any way I can apply local group membership changes without the user needing to log in afterwards?
Thanks in advance.
This conversation is currently closed to new comments.
Let me get this straight. You want to create local policies on a server for a user who is not allowed to log on locally to the server?
Usually, when a user logs in remotely they use a domain account...
If you don't know the difference between domain policy and local policy you need to set down the admin password and back away from the terminal slowly. It is not something to be taken lightly. It's easy to set up policies that do nothing and policies that have unintended consequences.
I am normally a web application developer, so all of this is rather new to me. My main concern is to do things the right way.
To give you some background, we have a Windows console application that runs through a Scheduled Task under a dedicated service account on a batch server. This service account was set up to be a member of the Administrators group on the batch server. I have been asked to remove this account from the Administrators group and add it to the custom Batch Job Users group.
I hope my question makes more sense now.
Collapse -
Does this help?: Log on to the server doesn't mean RDP in any way.
This machine with the user account you just changed is part of a domain, right? When in use, it is normally connected to the domain, yes? If so, when a user logs on, they log on to the domain.
Regardless, what you must do is go to the computer, log off the now defunct Admin account, and log on the new user account. It is apparently not logged on. When this domain logon occurs, all policy changes will be applied to the account.
I am not in a position to log in with the service account without using RDP as I have no physical access to the server.
From discussions with colleagues who have more experience with sys admin functions, I have found that the group membership changes will apparently be applied when the scheduled task next runs as the service account, which solves my problem.
If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.
How do I apply local group membership changes without logging in?
I am trying to change a local user's group memberships on a production server running Windows 2008 Server. This I am able to do. However, when changing the membership, a message indicates that the user must log in to the server for the changes to take effect. Unfortunately, this user does not have access to remote desktop into the server, and as it is a production server it would probably not be a good idea to enable this access.
Is there any way I can apply local group membership changes without the user needing to log in afterwards?
Thanks in advance.