Repost: Local logon and Network Access settings

From: "JJ Runnion" <jjrNOSPAM@xxxxxxxxx>
Date: Wed, 6 Apr 2005 07:42:50 -0500

I posted this a week or so ago, and didn't get a reply so I thought that I'd
ask again ...

okay, so i'm really confused and i've spent quite a bit of time reading the
MS tech docs etc. but am still not sure I get this.

Re: "Windows Settings\Security Settings\User Rights\Logon Locally" and
"\Access
this computer from the network."

I have server 2003 running as the DC and active directory across a single
domain. My question has to do with how "Logon Locally" works, especially
with respect to "Access this computer from the network".

I do not want users to be able to login to the local machine with local
accounts.
I do not want them to be able to logon to machines that they are not
supposed to
be using (in different OUs). The default domain GPO allows authenticated
users to logon locally and to Access from the network. So, if they have a
domain user account, then anyone should be able to logon to any computer to
which this GPO applies, right?
So, now I want to restrict who can login to the OUs at a lower level. I
have my users added
to security groups based on their need for access. If I change the "allow
network access" to
just the correct Security groups, will that do it? (Overwrite the default
Authenticated Users with specific
security group). Or do i also need to set Logon Locally?

Does the "Logon Locally" need to be set for all authenticated users? I know
this is probably not as complicated as I'm making it, but it's been very
confusing so if someone can spend a few minutes explaining it in the
simplest of terms (grin), i'd appreciate it. I've tried to understand it
based on MS tech references, but to little avail.

j

--
jj runnion
jjrNOSPAM@xxxxxxxxx

.

Follow-Ups:
- Re: Repost: Local logon and Network Access settings
  - From: Roger Abell

Prev by Date: Re: Administrative Templates: Windows 2003 SP1 or Windows XP SP2 ?
Next by Date: User policy based on Machine
Previous by thread: Administrative Templates: Windows 2003 SP1 or Windows XP SP2 ?
Next by thread: Re: Repost: Local logon and Network Access settings
Index(es):
- Date
- Thread

Relevant Pages

Local logon and Network Access settings
... MS tech docs etc. but am still not sure I get this. ... with respect to "Access this computer from the network". ... Does the "Logon Locally" need to be set for all authenticated users? ... confusing so if someone can spend a few minutes explaining it in the ...
(microsoft.public.windows.group_policy)
RE: IIS problem with IUSR and IWAM passwords.
... would like to know what are Authenticated users, NETWORK and INTERACTIVE. ... Authenticated users includes all users whose identities were authenticated ... Microsoft Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ...
(microsoft.public.windows.server.sbs)
Re: Making Two LANs?
... "I suspect the presence of the second ethernet card produced it. ... I think you're confusing the physical device with the logical network connection. ... If you now go the network settings page, you should magically find a new network connection. ...
(microsoft.public.win2000.networking)
Re: Open Access to Shares
... Thus far we only allow users only access to their own files, changing NTFS ... permissions of authenticated users to owner only access, ... How complicated is an implementation of IPSEC across the network, ... authenticated users access to the shares. ...
(microsoft.public.security)
Re: When I put in "Authenticated Users", everything stops.
... Try putting any rules with authenticated users below any "all users" rules, ... NIC 3 = External Network = Everything else ... I can map the wide-open share on the perimeter network. ... everything stops. ...
(microsoft.public.isaserver)