I have Windows Server 2012 R2 system with Active Directory installed on it and using this computer for local development (Microsoft SharePoint).
What i wanted to do is to open the local Internet Explorer on this machine to run as a different user. I have created a simple user in the AD and i am not able to run as this user the Internet Explorer. I always get the following error message when i try to start it with the credentials of the new user:
Logon failure: the user has not been granted the requested logon type at this computer
Has someone an idea why this happens?
PS: Adding the users to the Administrators group is not an option …
Best Answer
It means what it says and says what it means. Standard users can not normally and should not normally log on to the desktop of an Active Directory Domain Controller.
You will need to create a group policy that allows users to 'log on locally' (IIRC, disables "Deny log on locally) for DCs and apply it to the user.
The better approach is to not use a DC as your desktop. If you need a DC for development, run it as a virtual guest on a standard workstation in hyperv and use the standard workstation (or another hyperv guest if you need a workstation to be a domain member) for your dev users.