Re: Security loop hole? How to restrict non-admin users

From: Kiran (anonymous_at_discussions.microsoft.com)
Date: 09/08/04 

Date: Wed, 8 Sep 2004 08:07:44 -0700

Hi Christoffer
    We are having a mixture of Windows 2000 with service
pack 4 and Windows 2003 servers
The Users are not in the local administrators group or any
other local group on the remote machine.
They can get into remote PC where they are not members of
any group and play around with shares, event viewer etc

I would expect this capability only for administrators
group on the remote machine.

How can I turn off access to non-admin users

Thanks in Advance
Kiran

   
>-----Original Message-----
>Kiran,
>Please provide us with the current Service Pack you have
applied?
>Are the users only regular users and not have membership
in local
>administrators group etc?
>
>--
>Regards
>Christoffer Andersson
>Microsoft MVP - Directory Services
>
>No email replies please - reply in the newsgroup
>------------------------------------------------
>http://www.chrisse.se - Active Directory Tips
>
>"Kiran" <anonymous@discussions.microsoft.com> skrev i
meddelandet
>news:7a2e01c4952b$7ff017b0$a601280a@phx.gbl...
>> Hi
>> Users can right click My Computer..Manage..right click
on
>> computer management..connect to another computer and
>> specify the name of remote computer
>>
>> Can easly get into another computer and play around with
>> shares amd other stuff.
>>
>> Is it a security loop hole? or How can we restirct non
>> admin users from doing this. They can really damage the
>> system.
>> This has to be done for more than 200 PCs in the domain.
>>
>> Servers are windows 2000 and windows 2003 Advanced
server.
>>
>>
>> Thanks in advance
>> Kiran
>
>
>.
>

Relevant Pages

  • Re: Security loop hole? How to restrict non-admin users
    ... We are having a mixture of Windows 2000 with service pack 4 and Windows 2003 servers ... They can get into remote PC where they are not members of any group and play around with shares, event viewer etc I would expect this capability only for administrators group on the remote machine. ...
    (microsoft.public.win2000.active_directory)
  • Re: Adding Global users to Local Groups using Active Directory
    ... If you don't have the support tools installed, ... users and groups for the remote machine and open the Local Administrators ... domain admins, Enterprise Admins and Administrators group for the domain. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Field Support Staff Administration of AD Servers
    ... Use Restricted Groups feature of Group Policy to make them members of local ... I am looking into what it will take to give our field support staff access to our AD environment. ... I want them to have full support ability on the servers that fall into their area of responsibility above and beyond of just OU administration. ... However I do not want them to be a member of the domain administrators group because I only need them to administer a few of the servers. ...
    (microsoft.public.win2000.active_directory)
  • Re: Error 4957 trying to install SMS_MP_Control_Manager
    ... administrators group of these servers? ... This is an SMS 2003 single ... > Background Intelligent Transfer Service is not installed or running. ...
    (microsoft.public.sms.admin)
  • Re: allow logon through terminal services
    ... We have a mixture of 2000 and 2003 servers. ... >> I have a Telecom user that needs to to be able to logon to ... >> non-server administrators from the domain administrators group. ... >> was one of the members of the domain admins group. ...
    (microsoft.public.windows.terminal_services)