A Quick Tip To Modify Logon Rights On Multiple Computers

Log On Locally rights allows your users to log on locally on the server. By default, all the users in the Active Directory Forest are able to log on to any server except domain controllers. The Local Users Security Group is added to the "Allow Log On Locally" rights on local server and this security group contains the Domain Users security local group. If you have created a security group and want to allow only the members of this Security Group should be able to log on locally on specified servers then you must do it manually, using a Group Policy or using a script.

In this example, I have created a domain security group named: RDP Access and members of this security group should be able to log on locally on 100 servers out of 500 servers in my environment.

Steps:

  • Create a text file: Servers.txt
  • Copy all the 100 server names in this text file.
  • Run the following command:

For /F "Tokens=*" %a in (Servers.txt) Do Ntrights.exe -m \\%a -u "Domain_Name\RDP Access" +r SeInteractiveLogonRight

The above command will assign the Log On Locally rights to RDP Access which is a domain local security group on the servers mentioned in the Servers.txt file.

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top