Re: Client Access Rights
From: Kurt (kurtl_at_olypen.com)
Date: 02/23/05
- Next message: Neil: "Re: 070-292"
- Previous message: sb: "Prometric or VUE?"
- In reply to: Steven L Umbach: "Re: Client Access Rights"
- Next in thread: Blaze: "Re: Client Access Rights"
- Reply: Blaze: "Re: Client Access Rights"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 23 Feb 2005 13:16:27 -0800
This would only be a problem if the users in question had domain admin
rights. I think you've hit the solution on the head. If the OPs users are
all domain admins, there's little hope for any kind of security..
..kurt
"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:OQUfc5TGFHA.1456@TK2MSFTNGP09.phx.gbl...
> You can use Group Policy to do such. For instance place a group of
computer
> accounts in an Organizational Unit. Then create a Group Policy for that OU
> and add the global group you want to restrict to the deny logon locally or
> deny access this computer from the network user right in computer
> configuration/Windows settings/security settings/local policies/user
rights.
> Note that while this will work in general, ultimately you can not restrict
a
> domain admin that does not want to be restricted as they always have the
> power to undo settings that restrict them. To do such you really need to
use
> separate domains or better yet separate forests. You still can connect
> forests and/or domains with trusts. --- Steve
>
>
> "Blaze" <asda@ssfsdf.com> wrote in message
> news:h0PSd.51$Fc1.1@newsfe3-gui.ntli.net...
> > Hi
> >
> > How can I restrict a Domain User Group from access ing a range of client
> > PC's.. ie Admin cannot logon to Sales Departments PC's and Visa Versa
> >
>
>
- Next message: Neil: "Re: 070-292"
- Previous message: sb: "Prometric or VUE?"
- In reply to: Steven L Umbach: "Re: Client Access Rights"
- Next in thread: Blaze: "Re: Client Access Rights"
- Reply: Blaze: "Re: Client Access Rights"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
