Re: Windows Server 2003 Auto connect printers;
- From: "paul" <paul@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 11 May 2005 16:55:44 -0700
I removed the NT Authentication but then the user's don't have enough
permission to even login to the TS. What (minimum) rights would be required
then for a normal basic user to login to a TS without having NT
Authentication. Isn't some form of admin rights required for a non admin user
to login to a server?
I am glad we're almost there but now we just have to give the user more
rights in order to login without having NT Authentication.
THanks TP.
Paul
"paul" wrote:
> Thanks so much TP for your help. I'll try this as soon as I can when no users
> are on the TS. I'll let you know.
> Thanks
>
> Paul
>
>
> "TP" wrote:
>
> > That explains it. Users who are Administrators are able to see
> > all printers. "Normal" Users should not be a member of
> > administrators. This is very bad for security and stability of
> > the TS. Administrators can do all sorts of bad things to the
> > TS (intentionally & not), regardless of any group policies or
> > other measures you take to restrict them.
> >
> > In order to fix things you need to remove authenticated users
> > from the Administrators group. Then you are left to get your
> > software applications functioning properly with limited
> > permissions.
> >
> > You do this by granting only those permissions that are
> > absolutely necessary for each application to run. For example,
> > an application typically needs read access to its program
> > directory and registry keys at a minimum. Some applications
> > may need to read/write to their program directory as well as
> > subkeys of their main registry key. Other applications may
> > need you to use per-user class hives, etc.
> >
> > Logon to the server as an administrator and run filemon and
> > regmon from www.sysinternals.com. Then logon as a limited
> > user and run the problem app to see what areas of the file
> > system or registry it is being denied access to.
> >
> > Some applications can be a pain to get working properly
> > with limited permissions, but almost all will work. Others it
> > is a combination of permissions and setting the application's
> > data/save locations to different than default.
> >
> > If you have a specific app that you can't figure out, post
> > here and someone will help you.
> >
> > Thanks.
> >
> > -TP
> >
> > paul wrote:
> > > The Domain Users group is a member of the build in Users, that's it.
> > > Yes the TS is a member server, Authenticated Users is added to the
> > > local Admin group to give users local admin rights. We did this to
> > > solve some software issues. Would this be related to our printer
> > > issue and how? Where could I check again where we set the Permission
> > > Compatibility to?? Thanks for helping out, greatly appreciated.
> > >
> > > Paul
> > >
> >
> >
> >
.
- Follow-Ups:
- References:
- Windows Server 2003 Auto connect printers;
- From: paul
- Re: Windows Server 2003 Auto connect printers;
- From: TP
- Re: Windows Server 2003 Auto connect printers;
- From: paul
- Re: Windows Server 2003 Auto connect printers;
- From: TP
- Re: Windows Server 2003 Auto connect printers;
- From: paul
- Re: Windows Server 2003 Auto connect printers;
- From: TP
- Re: Windows Server 2003 Auto connect printers;
- From: paul
- Windows Server 2003 Auto connect printers;
- Prev by Date: Re: 2003 Domain does not see TS License Server
- Next by Date: Re: Windows Server 2003 Auto connect printers;
- Previous by thread: Re: Windows Server 2003 Auto connect printers;
- Next by thread: Re: Windows Server 2003 Auto connect printers;
- Index(es):
Relevant Pages
|
