Re: Security loop hole? How to restrict non-admin users


From: ptwilliams (ptw2001_at_hotmail.com)
Date: 09/08/04


Date: Wed, 8 Sep 2004 21:02:44 +0100

I think the term 'play around with' is a little bit of an exaggeration ;-)
Sure, they can look at any of the event logs except for the Security
one, and they can look at shares, sessions, etc. But it's all read-only
info. They can't administer any of this stuff.

As for disabling this, there are going to be several ways of doing this, the
easiest being disabling the MMC on the users' PCs - via GPO - restricted
groups (XP) or the 'do not run these apps' policy.

Possibly, more drastic measures such as disabling anonymous connections,
etc. may be able to limit this as well - don't know about that example for
sure though...

-- 
Paul Williams
_________________________________________
 http://www.msresource.net
Join us in our new forums!
  http://forums.msresource.net
_________________________________________
"Kiran" <anonymous@discussions.microsoft.com> wrote in message
news:0a7201c495b5$97c53700$a401280a@phx.gbl...
Hi Christoffer,
We have a mixture of Windows 2000 with Service Pack 4 and Windows 2003
servers.
The users are not in the local administrators group or any other local
group on the remote machine.
They can get into a remote PC where they are not members of any group and
play around with shares, event viewer, etc.
I would expect this capability only for the administrators group on the
remote machine.
How can I turn off access for non-admin users?
Thanks in advance
Kiran
>-----Original Message-----
>Kiran,
>Please provide us with the current Service Pack you have applied?
>Are the users only regular users and not have membership in local
>administrators group etc?
>
>-- 
>Regards
>Christoffer Andersson
>Microsoft MVP - Directory Services
>
>No email replies please - reply in the newsgroup
>------------------------------------------------
>http://www.chrisse.se - Active Directory Tips
>
>"Kiran" <anonymous@discussions.microsoft.com> wrote in message
>news:7a2e01c4952b$7ff017b0$a601280a@phx.gbl...
>> Hi
>> Users can right click My Computer..Manage..right click on
>> computer management..connect to another computer and
>> specify the name of remote computer
>>
>> Can easily get into another computer and play around with
>> shares and other stuff.
>>
>> Is it a security loop hole? or How can we restrict non
>> admin users from doing this. They can really damage the
>> system.
>> This has to be done for more than 200 PCs in the domain.
>>
>> Servers are windows 2000 and windows 2003 Advanced server.
>>
>>
>> Thanks in advance
>> Kiran
>
>
>.
>
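
Added example, not part of the original posts: a PowerShell check of whether the client-side restrictions suggested in the reply above (the MMC Group Policy settings and the "Don't run specified Windows applications" policy) are in effect for the logged-on user. The registry paths are the standard per-user policy locations; the function names are hypothetical.

```powershell
# Added example (not from the thread). Function names are hypothetical.
function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-MmcRestrictionState {
    $mmcKey      = 'HKCU:\Software\Policies\Microsoft\MMC'
    $explorerKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

    # GPO: "Restrict the user from entering author mode"
    $authorMode = Get-PolicyValue $mmcKey 'RestrictAuthorMode'
    # GPO: "Restrict users to the explicitly permitted list of snap-ins"
    $permitted  = Get-PolicyValue $mmcKey 'RestrictToPermittedSnapins'
    # GPO: "Don't run specified Windows applications" (switch + list subkey)
    $disallowOn = Get-PolicyValue $explorerKey 'DisallowRun'

    $blocked = @()
    $listKey = Join-Path $explorerKey 'DisallowRun'
    if (Test-Path $listKey) {
        # Each value under the subkey names one blocked executable.
        $blocked = @((Get-ItemProperty -Path $listKey).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object { [string]$_.Value })
    }

    [pscustomobject]@{
        User                    = "$env:USERDOMAIN\$env:USERNAME"
        AuthorModeRestricted    = ($authorMode -eq 1)
        SnapinsRestrictedToList = ($permitted -eq 1)
        DisallowRunEnabled      = ($disallowOn -eq 1)
        # The list only takes effect when the DisallowRun switch is 1.
        MmcExeBlocked           = (($disallowOn -eq 1) -and ($blocked -contains 'mmc.exe'))
        BlockedExecutables      = $blocked
    }
}

# Run in the user's own session, e.g. from a logon script, and collect the output.
Get-MmcRestrictionState | Format-List
```

The "Don't run specified Windows applications" policy is enforced only for programs started by the Windows Explorer process. All three settings act on the user's own workstation, so what a remote machine exposes is still decided by the permissions on that machine.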

