Re: local admin w/o network rights


From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 06/30/04


Date: Wed, 30 Jun 2004 01:54:27 GMT

To prevent a user from accessing computers over the network, add that user/group to
the "deny accessing this computer from the network" user right in security policy
under security settings/local policies/user rights. You could do that at the domain
or Organizational Unit level if you use OUs. Do not, however, do that in Domain
Controller Security Policy or in the Local Security Policy of domain controllers, as
that user/group may not be able to log on to the domain then. --- Steve

"pittspeed" <turbovw18@hotmail.com> wrote in message
news:OPl2ajgXEHA.3988@tk2msftngp13.phx.gbl...
> I made a post yesterday on how to implement a GPO for a 'desktop admin' that
> could work on a local machine but have no network access.... since I've
> followed the steps of creating the security group 'desktop admin' with local
> admin rights.... then I added a user to the member of desktop admin...
>
> then I went to my current administrator GPO and added the restricted user as
> outlined in this response
>
> "For example, to add a domain group to the power users group (local
> only):
>
> Load a GPO and navigate to Computer Configuration\Windows Settings\Security
> Settings\Restricted Groups
>
> Right-click and choose add.
>
> Enter Power Users (don't use Browse)
>
> Double-click on Power Users (once it's been added) and add the new group
> Desktop Admins to the 'Members of this group' section.
>
> Upon policy refresh, the new group will be added to the local power users
> groups on local PCs"
>
> After a reboot and policy refresh my user has full network rights and is
> wide open in all aspects. So I did something incorrectly, do you have any
> suggestions?
>
> I was thinking about it and created a new org. unit with a new GPO and did
> the restricted user and still, the user has full blown rights. I'm
> confused... any insight?
>
> thanks in advance.
>
>
>
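
One way to check, after a policy refresh, whether the deny right from the reply above actually landed on a given machine (an added example, not part of the original thread): it parses the user-rights section of a `secedit /export` file and looks for the group under SeDenyNetworkLogonRight, the internal name of "Deny access to this computer from the network". The sample export, the SIDs and the function names are constructed for illustration.

```powershell
# On a real machine, produce the input with:
#   secedit /export /cfg "$env:TEMP\rights.inf" /areas USER_RIGHTS
#   $inf = Get-Content "$env:TEMP\rights.inf" -Raw
# Constructed sample export; every SID below is made up.
$inf = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
SeDenyNetworkLogonRight = *S-1-5-32-546,*S-1-5-21-1111111111-2222222222-3333333333-1105
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545
[Version]
signature="$CHICAGO$"
Revision=1
'@

function Get-UserRightHolders {
    param([string]$InfText, [string]$Right)
    $inSection = $false
    foreach ($line in $InfText -split "`r?`n") {
        $line = $line.Trim()
        if ($line -match '^\[(.+)\]$') {
            $inSection = ($Matches[1] -eq 'Privilege Rights')
            continue
        }
        if ($inSection -and $line -match "^$([regex]::Escape($Right))\s*=\s*(.*)$") {
            # Entries are comma separated; a leading * marks a SID rather than a name.
            return @($Matches[1] -split ',' |
                ForEach-Object { $_.Trim().TrimStart('*') } | Where-Object { $_ })
        }
    }
    return @()   # the right is not defined in this export
}

function Test-DenyNetworkLogon {
    param([string]$InfText, [string]$GroupSid, [bool]$IsDomainController)
    $holders = @(Get-UserRightHolders -InfText $InfText -Right 'SeDenyNetworkLogonRight')
    $denied  = $holders -contains $GroupSid
    # The reply warns against applying this right on domain controllers.
    if ($denied -and $IsDomainController) { return 'WARNING: deny right is applied on a domain controller' }
    if ($denied) { return 'OK: group is denied network access to this computer' }
    return 'NOT APPLIED: group can still access this computer from the network'
}

# Hypothetical SID standing in for the Desktop Admins group.
$desktopAdmins = 'S-1-5-21-1111111111-2222222222-3333333333-1105'
# On a live system: $isDc = (Get-CimInstance Win32_OperatingSystem).ProductType -eq 2
Test-DenyNetworkLogon -InfText $inf -GroupSid $desktopAdmins -IsDomainController $false
```

A "NOT APPLIED" result on a workstation usually means the GPO carrying the user right is not linked to the OU that holds the computer account, since user rights are computer settings.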


